Data Protection Declaration of Zentis GmbH & Co. KG

(Effective: January 2022)

Thank you for your interest in our website www.zentis.de and in our company (“Zentis”) as well as our products and services. We at Zentis are aware that the protection of your privacy when using this website is an important issue. For this reason, compliance with the statutory regulations for data protection is a matter of course for us. Furthermore, it is important to us that you, as a customer, know at all times when and how we collect and store which of your data and how we use it.

 

In the following, we inform you about the collection and other processing (e.g. storage, retrieval, modification, forwarding) of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

 

If we process personal data in the course of using our website or if we use contracted service providers for individual functions, offers or services on our website that involve data processing or if we want to use your data for advertising purposes, we will inform you in detail below about the respective processes, in particular which data is processed in this context. In doing so, we will also state the intended storage period or at least the defined criteria for the storage period as well as the relevant legal basis for the respective processing.

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is:

Zentis GmbH & Co. KG, Jülicher Straße 177, 52070 Aachen, Telephone: +49 241 4760-0, E-Mail: info@zentis.de, Internet: www.zentis.de

II. Contact details of the data protection officer

You can reach our data protection officer at datenschutz@zentis.de or at our postal address mentioned under Section I to the attention of the “Data Protection Officer”. You can also reach our data protection officer by telephone using our central extension number +49 241 4760-0.

III. Collection and storage of personal data as well as type, purpose, legal basis and duration of their use

§ 1 WHEN VISITING THE WEBSITE

During the mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we collect the personal access data in so-called server log files, which your browser transmits to our server. The following data is collected as part of the server log files:

  • IP address

  • Date and time of the request

  • Time zone difference to Greenwich Mean Time (GMT)

  • Content of the request (specific page)

  • Access status/HTTP status code

  • Amount of data transferred in each case

  • Website from which the request comes

  • Browser

  • Operating system and its interface

  • Language and version of the browser software.

Purposes and legal basis of processing

This data is evaluated and subsequently discarded exclusively to ensure trouble-free operation of the website with regard to stability and security and to improve our offer. The legal basis for the data processing is Art. 6 para. 1 p.1 lit. f of the General Data Protection Regulations (GDPR). Our legitimate interest follows from the aforementioned purposes of data collection.

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

Duration of data storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In addition, we use cookies and analysis services when you visit our website. You can find more detailed explanations of this under sections IV and V of this Privacy Policy.

§ 2 CONTENT MANAGMENT SYSTEM

To manage the various Zentis websites, we use the Content Management System (“CMS”) by Pimcore GmbH, Söllheimer Straße 16, 5020 Salzburg, Austria (“Pimcore”). The CMS enables us to efficiently manage, update and publish content on our websites. Furthermore, this enables a simplified integration of content from different sources. Pimcore collects the personal data described in Section III § 1 through the use of log files and cookies.  

For further information on the CMS Pimcore, please refer to the following link: https://pimcore.com/de/plattform/cms/einleitung

 

Purposes and legal basis of processing

The purpose of the processing is to enable the efficient management of the website content as outlined above.

Recipients / Categories of recipients

The recipient of the collected data is Pimcore. Zentis has concluded an order data processing agreement with Pimcore.

Transfer to third countries

A transfer to third countries does not take place.

Duration of data storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

§ 3 WHEN USING OTHER SERVICES, FUNCTIONS AND OFFERS OF OUR WEBSITE

In addition to the purely informational use of our website, we offer services and functions that you can use if you are interested. For this purpose, you will usually have to provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply. The offers and functions are described in more detail below.

(1) Contact form
 

When you contact us using our contact form (Praise & Inquiry), using the Complaint Spreads/ Confectionery or General Inquiry form, the data you voluntarily provide (your e-mail address, first and last name and, if applicable, telephone number, place of residence and zip code) will be stored by us in order to answer your question. The specification of e-mail address and first name and surname is required, all other information is voluntary. In the event of a complaint, further information may be required for return vouchers or replacement services.

In this case, the answer will be given by e-mail or, if indicated, by telephone number.

Purposes and legal basis of processing

The legal basis for the processing is Art. 6 para. 1 lit. a and b of the GDPR on the basis of your voluntarily given consent or to respond to your inquiry.

Recipients / Categories of recipients

The personal data collected with regard to the contact form will not be transferred to third parties.

Duration of data storage

We delete the data accrued in this context after completion of the request you have made or restrict the processing if there are legal obligations to retain data.

(2) Newsletter
 

With your consent, you can subscribe to our newsletter. Here we inform you about our current interesting offers.

For the registration of our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. In addition, we store the times of your registration and confirmation. The purpose of this procedure is to prove your registration and, if necessary, to be able to clarify a possible misuse of your personal data.

The only mandatory information needed for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address only for the purpose of sending the newsletter.

 

Purposes and legal basis of processing

The purpose of the data processing is the implementation of the newsletter distribution. The legal basis is The legal basis is your consent in accordance with Art. 6 para. 1 lit. a. of the GDPR.

Recipients / Categories of recipients

Newsletter2Go is used as the newsletter software. Your data will be transferred to Newsletter2Go GmbH, Köpenicker Str. 126, D-10179 Berlin (“Newsletter2Go”). Newsletter2Go is prohibited from selling your data and using it for purposes other than distributing newsletters. Newsletter2Go is a German, certified provider, which was selected according to the requirements of the German Data Protection Regulation and the Federal Data Protection Act. To ensure data protection, Zentis has concluded an order data processing agreement with Newsletter2Go.

For more information: https://www.newsletter2go.de/informationen-newsletter-empfaenger/

 

Duration of data storage

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in every newsletter e-mail, by an e-mail to datenschutz@zentis.de or by sending a message to the contact details provided in the Imprint.

(3) Online job application
 

If you apply for a job at Zentis on this website, personal data will be collected via our applicant management system that you provide to us as part of the application. We use the system by d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg (“d.vinci”) to manage applications. To ensure data protection, Zentis has concluded an order data processing agreement with d.vinci.

The individual data collected may vary depending on the job advertisement. However, the data collected does not go beyond the following:

  • Title

  • First name

  • Last name

  • Date of birth

  • Country

  • Addition to address

  • Street

  • Zip code

  • City

  • E-mail address 

  • Telephone

  • Earliest possible start

  • Last job

  • Annual salary expectation

  • Complete application documents

  • Application photo 

  • How did you hear about us?

  • Data Protection Declaration accepted

Purposes and legal basis of processing

The purpose of the data processing is the implementation of the job application process. The legal basis is Art. 6 para. 1 lit. a. and b. of the GDPR.

Recipients / Categories of recipients

The recipient of the collected data is d.vinci.

Transfer to third countries

A transfer to third countries does not take place.

Duration of data storage

The data will be deleted as soon as it is no longer required, usually after the application process has been completed or (should a position be filled at Zentis), after the end of the employment relationship. Mandatory legal provisions - in particular retention periods - remain unaffected by this.

(4) Online campaigns (competitions, campaign forms)

 

With your consent, you can participate in competitions on our website or submit a campaign form (contact form) for campaigns. Facelift is used as the software. Your data will be SSL-encrypted on the basis of an agreement on order data processing to Facelift brand building technologies GmbH, Gerhofstr. 19, 20354 Hamburg, Germany. Facelift is prohibited from selling your data and using it for other purposes. Facelift is a German, certified provider, which was selected according to the requirements of the German Data Protection Regulation and the Federal Data Protection Act. There is no transfer of personal data to third countries or international organizations outside the EU. You can find more information at www.facelift-bbt.com.

Purposes and legal basis of processing

The processing is based on your consent (Art. 6 para. 1 lit. a of the GDPR) for the implementation of the campaigns and sweepstakes, or on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f of the GDPR).

Recipients / Categories of recipients

The data entered by you remains with us or our commissioned data processor.

Duration of data storage

The personal data collected will be stored until you ask us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. end of the campaign/sweepstakes). Mandatory legal provisions - in particular retention periods - remain unaffected.

IV. Use of cookies

§ 1 SCOPE OF DATA PROCESSING

In order to make your visit to our website as user-friendly and effective as possible and to enable the use of certain functions, we work with so-called cookies on some of our pages/ Cookies are small text files which are stored on your device and which save certain settings and data via your browser for the exchange with our system. With these cookies, the party placing the cookies will be provided with specific information Cookies cannot execute any programs or transmit viruses to your computer.

Please note that certain cookies are already placed on your computer as soon as you access our website. This website uses the following types of cookies:
 

Mandatory / Functional cookies: These cookies are mandatory to ensure the operation of the website.  For instance, these may be cookies which enable you to sign in to the customer area or place items into your shopping cart.
 

- Transient cookies: These are automatically deleted when you close the browser. In particular, these include session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
 

- Persistent cookies: These are deleted automatically after a specified duration, which may differ depending on the cookie. However, you can also delete the cookies at anytime in your browser’s security settings.
 

- Third party cookies: These cookies of some of our advertising parties help to make our services and our website a more interesting experience for you.  For this reason, we also save the cookies of our partner companies on your hard drive when you visit our website. These are temporary cookies which delete themselves automatically after a set period.  In general, the cookies of partner companies are deleted after a few days or 24 months, or in individual cases after a few years. The cookies of our partner companies do not contain any personal data.  Only pseudonymized data under a user ID is collected.  This pseudonymous data will not be merged with your personal data at any time.
 

You can configure your browser settings to meet your own needs and requirements, e.g. reject the acceptance of third-party cookies or other cookies.  Also, your browser can be configured so that you will be notified when a cookie is put on your computer.  For this, please consult the your browser operator.  We would like to point out that the rejection of cookies may mean that you cannot use all functions of this website.
 

In addition, we use the Usercentrics consent management tool which enables fast and uncomplicated consent or rejection of individual cookies. For more information, please refer to § 2.
 

Further information on analytics cookies is listed under Section V.

Purposes and legal basis of processing

In principle, the cookies set do not result in the collection of personal data by us.


 If, however, the processing of personal data through the cookies allows us to draw conclusions about you, the processing is based on Art. 6 para. 1 p. 1 lit. a, b or f of the GDPR as the legal basis. Our legitimate interest results from the above-mentioned purposes to make the offer of our website more user-friendly and effective.

 

§ 2 CONSENT MANAGEMENT BY USERCENTRICS

We use the Usercentrics Consent Management Platform by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany (“Usercentrics”) to manage consent for the cookies or analytics services used on our website. This allows you to easily decide which analytics services you want to allow.

Usercentrics collects and stores log file and consent data through a JavaScript. This enables users to be informed about their consents to certain tags on our website as well as to obtain, manage and document them.
 

The following data is processed:

- Data of the consent (anonymized log data)

- Data of the devices used (including shortened IP addresses, device information, timestamp)

- User data (including e-mail, ID, browser information, SettingIDs, changelog)

Purposes and legal basis of processing

The purpose of the data processing is the analysis and management of the consents granted in order to enable the use of cookies in compliance with data protection requirements. The legal basis is Art. 6 para. 1 lit. f of the GDPR.

Recipients / Categories of recipients

The recipient of the collected data is Usercentrics.

Transfer to third countries

A transfer to third countries does not take place.

Duration of data storage

The data is deleted as soon as it is no longer required. The duration of the cookie in this regard is 60 days. Evidence of revoked consent is retained for a period of three years.

V. Use of analytics tools

We use web analytics services on our website for the purpose of targeted design and advertising.

§ 1 GOOGLE ANALYTICS

Insofar as you have given your consent, this website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Barrow Street, Dublin, D04 E5W5 Ireland or Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The use includes the “Universal Analytics” mode of operation. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyze the activities of a user across devices. Google Analytics uses so-called “cookies”, see above, which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website will generally be transferred to a Google server in the USA and stored there. In case of activation of the IP anonymization on this website, your IP address will be truncated by Google within the Member States of the European Union or other parties to the Agreement on the European Economic Area. We would like to point out that on this website Google Analytics has been extended by an IP anonymization to ensure anonymized collection of IP addresses (so-called IP masking). The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You can find more detailed information on Google's Terms of Use and Privacy Policy at https://www.google.com/analytics/terms/de.html and at https://policies.google.com/?hl=de.

Purposes and legal basis of processing

On behalf of Zentis, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage to the website operator. The legal basis for the processing is Art. 6 para. 1 lit. a of the GDPR.

 

Recipients / Categories of recipients

The recipient of the collected data is Google.

Transfer to third countries

The personal data is transferred to the USA. Google has committed itself with a so-called standard contractual clause to ensure European data protection standards. Google's standard contractual clause is available at the following link:
https://business.safety.google/adscontrollerterms/sccs/.

Duration of data storage

The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

Data subject rights

You can revoke your consent at any time with effect for the future by preventing the storage of cookies by means of an appropriate setting in your browser software or by revoking your consent in the context of Usercentrics; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. Furthermore, you can prevent the collection of data generated by the cookie and related to the usage of the website (incl. your IP address) and the processing of these data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Universal Analytics across different devices, you must perform the opt-out on all systems used. If you click here, the opt-out cookie will be set:  Google Analytics Opt-Out.

§ 2 GOOGLE TAG MANAGER

This website also uses Google Tag Manager by Google. Through this service, website tags can be managed via an interface. The Google Tag Manager only implements tags, so that no cookies are set. This means that no personal data is collected by the Google Tag Manager. However, the Google Tag Manager triggers further tags, which in turn may collect personal data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.
 

You can find more information about the Google Tag Manager here: https://support.google.com/tagmanager/answer/7582054?hl=de

Purposes and legal basis of processing

The Google Tag Manager enables the use of further services, such as Google Analytics, which makes it possible to evaluate the use of this website. The legal basis for the processing is your consent according to Art. 6 para. 1 lit. a of the GDPR as well as our legitimate interest in evaluating the use of our website, Art. 6 para. 1 lit. f of the GDPR.

§ 3 FACEBOOK PIXEL

Insofar as you have declared your consent, the so-called “Facebook Piixel” (website custom audience pixel) by Meta Platforms Ireland Limited, 4 Grand Canal Square,


Grand Canal Harbour, Dublin, Ireland or Meta Platforms Inc., 1601 Willow Road Menlo Park, CA 94025 United States (“Meta”) is used on this website. Through this pixel, cookies are stored on your computer, whereby information about the use of this website can be collected and transferred to Meta. This information can be associated with other information that Meta has stored about you. This allows you to be shown interest-based advertisements in your Facebook account (retargeting). In addition, Meta can recognize whether a Facebook ad was successful and, in particular, led to a purchase. In this regard, we only receive statistical data from Meta without any reference to a specific person.

You can find more information on the terms of use and data protection at https://www.facebook.com/about/privacy/.

Purposes and legal basis of processing

The use of the Facebook Pixel enables us to record the effectiveness of Facebook ads for statistical and market research purposes. The legal basis for the processing is Art. 6 para. 1 lit. a of the GDPR.

Recipients / Categories of recipients

The recipient of the collected data is Meta.

Transfer to third countries

The personal data is transferred to the USA. Meta has committed itself with a so-called standard contractual clause to ensure the European data protection standards. Meta's standard contractual clause is available at the following link:
https://www.facebook.com/legal/EU_data_transfer_addendum

Duration of data storage

The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 12 months at the latest. Data whose retention period has been reached is automatically deleted once a month.

Data subject rights

You can revoke your consent at any time with effect for the future by preventing the storage of cookies by means of an appropriate setting in your browser software or by revoking your consent in the context of Usercentrics; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Meta and the processing of this data by Meta by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. If you click here, the opt-out cookie will be set:  Meta Opt-Out.

VI. Linking to our social media sites

Our website contains links to our social media sites:

Facebook

Instagram

YouTube

When you visit our site, no personal data is initially passed on to the providers of the social network as a matter of principle. Only if you click on the link to access our page on the relevant social network will the operator of the social network receive the information that you have accessed the relevant website of our online services.  In addition, the data mentioned under Section III §1 of this declaration will be transferred. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By clicking on the link, personal data is therefore transferred from you to the respective provider of the social network and stored there (in the case of US providers in the USA). Since the provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the link.

We can neither influence the collected data and data collection processes nor are the full scope of the data collection, the purpose of the processing and the retention periods known to us. Also, we have no information on the deletion of the collected data by the operator of the social network.

The operator of the social network stores the data collected on you in the form of user profiles and uses it for advertising, market research purposes and/or the targeted design of its website. This evaluation is primarily conducted (also for users who are not signed in) to display targeted advertising and to inform other users on the social network about your activities on our website. You have the right to object to this generation of user profiles, whereby you must address your objection to the relevant operator of the social network as the responsible controller.  With these links we give you the opportunity to interact with the social networks and other users so that we can improve our services and make our website even more interesting for users. 

The data transfer takes place regardless of whether you have an account with the provider of the social network and are signed in there. If you are signed in, your data collected by us will be directly assigned to your account with the respective provider. If you click on the link and, for example, link to the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before clicking on the link, as this allows you to avoid an assignment to your profile with the provider.

For more information on the purpose and scope of data collection and its processing by the provider of the social network, please refer to the privacy statements of these providers, which are communicated below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

Addresses of the respective plug-in providers and URL with their data protection notices:

Meta Inc. (formerly Facebook Inc.), 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php;.

Meta has committed itself to guaranteeing European data protection standards with a standard contractual clause. Meta's standard contractual clause is available at the following link:
https://www.facebook.com/legal/EU_data_transfer_addendum

YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (subsidiary of Google); https://www.google.de/intl/de/policies/privacy. Google's standard contractual clause is available at the following link: https://business.safety.google/adscontrollerterms/sccs/.

Purposes and legal basis of processing

The legal basis is Art. 6 para. 1 p. 1 lit. a or f of the GDPR. Our legitimate interest arises from the aforementioned purposes.

VII. Embedding of YouTube videos

We have embedded YouTube videos on our web pages, which are stored at http://www.YouTube.com and can be directly called up on our website.

By visiting the website, YouTube will be notified that you have accessed the relevant page of our website. In addition, the data mentioned under Section III §1 of this declaration will be transferred. This occurs regardless of whether you have a YouTube user account to which you are signed in or whether you have no such account.  If you are signed in to Google, your data will be directly allocated to your account.  However, if you do not wish your actions to be allocated to your YouTube profile, you must sign out before activating the button.  YouTube stores your data in the form of user profiles and uses this data for advertising and market research purposes and/or the targeted design of its website.  This evaluation is primarily conducted (even for users who are not signed in) for the provision of targeted advertising and to inform other users on the social network about your activities on our website. You have the right to object against the generation of these user profiles, whereby you must address your objection to YouTube.

Further information on the purpose and scope of collection and processing of the data by YouTube (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA; subsidiary of Google) is available in Google’s data protection declaration. Here, you will also receive additional information on your rights and setting options for the protection of your privacy: https://www.google.de/intl/de/policies/privacy.  As already mentioned, Google also processes your personal data in the USA. In doing so, Google has committed itself to comply with European data protection standards. You can find Google's standard contractual clause here: https://business.safety.google/adscontrollerterms/sccs/.

IX. Your rights

Whenever your personal data is processed, you have rights vis-á-vis us with regard to your own personal data:

RIGHT OF ACCESS BY THE DATA SUBJECT, ART. 15 OF THE GDPR:

You have the right to request a confirmation from the controller on whether your personal data is processed by the controller.

In the event that the data is processed, you can request the controller to disclose the following information:

the purposes for which the personal data is processed;

the categories of personal data which are processed;

the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations. In the latter cases, you can request to be informed about the appropriate guarantees in accordance with Art. 46 of the GDPR relating to the transfer of the data;

the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;

the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;

the right to lodge a complaint with a supervisory authority;

where the personal data is not collected from the data subject, any available information as to its source;

the existence of automated decision-making, including profiling, referred to in Art. 22 para. 1 and 4 of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

RIGHT TO RECTIFICATION, ART. 16 OF THE GDPR:

You have the right to the rectification and/or completion of the data towards the controller, where the processed personal data concerning you is inaccurate or incomplete.  The controller must rectify the data immediately.

RIGHT TO ERASURE, ART. 17 OF THE GDPR:

A) Right to erasure

You can request the controller to delete all personal data immediately and the controller is obligated to delete this data immediately, where one of the following grounds applies:

The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a of the GDPR and there is no other legal basis for the processing.

You object to the processing pursuant to Art. 21 para. 1 of the GDPR (cf. Section IX) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 of the GDPR.

The personal data concerning you has been processed unlawfully.

The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 para. 1 of the GDPR.

b) Information to third parties

Where the controller has publicly disclosed the personal data concerning you and is obligated to delete such data in accordance with Art. 17 para. 1 of the GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
 

c) Exceptions

No right to erasure will exist, where the processing of the data is required

for exercising the right of freedom of expression and information;

for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 of the GDPR;

for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 of the GDPR, insofar as the right referred to in Section a) is likely to make impossible or seriously impair the achievement of the purposes of such processing; or

for the establishment, exercise or defense of legal claims.

RIGHT TO RESTRICTION OF PROCESSING, ART. 18 OF THE GDPR:

Under the condition listed below, you may request the processing of your personal data to be restricted:

if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

the controller no longer needs the personal data for the purposes of processing, but you need it for the establishment, exercise or defense of legal claims; or

if you have objected to the processing pursuant to Art. 21 para. 1 of the GDPR (cf. Section IX) and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.

If the processing of personal data relating to you has been restricted, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

If you have obtained a restriction of processing under the above conditions, you will be informed by the controller before the restriction is lifted.

RIGHT TO INFORMATION, ART. 19 OF THE GDPR:

Once you have asserted your right to the rectification, erasure or restriction of processing of the personal data towards the controller, the controller is obligated to notify all recipients to whom the personal data concerning you has been disclosed about the rectification or erasure of the data or the processing restrictions unless this is not possible or requires an unreasonable expense or effort.

You have the right to be notified about the recipients by the controller.

RIGHT TO DATA TRANSFER, ART. 20 OF THE GDPR:

You have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to which the personal data has been provided, where:

 

the processing is based on consent pursuant to Art. 6 para. 1 lit. a of the GDPR or Art. 9 para. 2 lit. a of the GDPR or on a contract pursuant to Art. 6 para. 1 lit. b of the GDPR; and

 the processing is carried out by automated means.

In exercising this right, you also have the right to demand that the personal data concerning you is transferred directly from one controller to another, where technically feasible. This may however not restrict the freedoms and rights of others.

Your right to erasure shall remain unaffected.

To right to data portability shall not apply for a processing of personal data required for the performance of a tasks in the public interest or for the exercise of public authority vested to the controller.

RIGHT TO OBJECT, ART. 21 OF THE GDPR

You have the right to object on grounds relating to your particular situation and the right to object to the processing of data for advertising purposes. Further information on this is available in Section IX of this data protection declaration.

RIGHT TO WITHDRAW THE DECLARATION OF CONSENT UNDER THE DATA PROTECTION LAW:

You can withdraw a declaration of consent on the processing of your personal data granted by you to the controller at any time. Please note that this withdrawal shall however take effect in the future. it shall not affect the lawfulness any processing of the data previously carried out on the basis of your declaration of consent.

AUTOMATED INDIVIDUAL DECISION-MAKING INCLUDING PROFILING, ART. 22 OF THE GDPR

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effect on you or which affects you significantly in a similar way. This shall not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and the data controller;

(2) is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or

(3) is carried out with your express consent.

In the cases (1) and (3), the controller will take reasonable measures to protect your rights, freedoms and legitimate interests, which at least includes the right to enforce a natural person to become involved on part of the controller, to present the own view and to contest a decision.


 

Decisions generated solely on the basis of an automated processing may also not be based on certain categories of personal data in accordance with Art. 9 para. 1 of the GDPR, to the extent that Art. 9 para. 2 lit. a or g of the GDPR does not apply and adequate measures for the protection of the rights, freedoms and legitimate interests are taken.

RIGHT TO LODGE COMPLAINT WITH A SUPERVISORY AUTHORITY, ART. 77 OF THE GDPR:

You have the right to lodge a complaint about the processing of your personal data with a supervisory body for data protection You can lodge your complaint to the supervisory body in the Member State of your place of residence, your place of work or the place of the alleged infringement.  The supervisory body where the complaint is lodged, will inform you as the complainant of the progress and the results of the complaint as well as the option of a judicial remedy before court in accordance with Art. 78 of the GDPR.

IX. Right to object in accordance with Art. 21 of the GDPR

RIGHT TO OBJECT ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION:

You have the right to object to the processing of your personal data conducted on the basis of Art. 6 para. 1 lit. e of the GDPR (processing of data in the public interest) and Art. 6 para. 1 p. 1 lit. f of the GDPR (data processing for the protection of the legitimate interests of the controller or a third party) at any time for grounds relating to your personal situation; this also applies for a profiling based on these provisions.  After receiving your objection, we will cease to process your personal data unless we can provide compelling legitimate grounds for the processing, which take priory of your interests, rights and freedoms, or where the processing serves to establish, exercise and defend legal claims.

 

RIGHT TO OBJECT TO THE PROCESSING OF DATA FOR ADVERTISING PURPOSES

In individual cases, we may process your personal data for the purpose of direct advertising.  You have the right to object to the processing of the personal data concerning you for the purpose of such advertising at any time; this also applies for profiling where it relates to such direct advertising activities.  Once you object to a processing of your personal data for the purpose of direct advertising, your personal data will then no longer be processed for this purpose.

In the above mentioned cases, you can object informally, preferably by sending an e-mail with “Objection” in the header to:

Datenschutz@zentis.de or at the postal address listed in Section I to the attention of the “Data Protection Officer”.

X. Data security

We strive to take all technical and organizational measures to store your personal data in a way so that it cannot be accessed by third parties.  When communicating by email, we can however not guarantee complete data security, so that we recommend you to send any confidential information by post.

For reasons of security and to protect the transfer of confidential contents, this website works with SSL encryption, for example for any inquiries you send to us as the operator.  You can recognize an encrypted connection when the "http://" in the address bar of your bowser changes to "https://" and by the padlock symbol in your browser bar.  When the SSL encryption is activated, the data you transfer to us cannot be read by third parties.