This is the Privacy Policy of GIANTS Software GmbH (“GIANTS”, “we”). We offer information and the opportunity to download electronic games (hereinafter jointly referred to as “Services”) in the Shop section (“Shop”) of our websites (“Website”). This Privacy Policy will inform you about the type of personal data we collect in the context of your use of the Services and about the purpose for which it will be used. It will also inform you about your rights. We take our responsibility for the protection and processing of personal data very seriously. We use a variety of technical means and contractual arrangements to protect your data against unauthorised access and loss. We have implemented the necessary technical and organizational measures. Please note that where links lead to the websites of third parties, those companies provide their own privacy notices which apply to the use of their websites. We only offer our services to individuals who are at least 16 years old. Therefore we do not knowingly collect data from, or process data of, individuals under the age of 16.
The Controller, as this term is defined by the General Data Protection Regulation, other national data protection laws of the Member States, and other data protection regulations, is:
GIANTS Software GmbH
Wiesenstrasse 19
8952 Zürich-Schlieren
Switzerland
GIANTS Software Entertainment GmbH, Nägelsbachstraße 33, 91052 Erlangen, Germany.
Jan-Hendrik Pfitzner, GIANTS Software GmbH, Wiesenstrasse 19, 8952 Zürich-Schlieren, Switzerland.
As a matter of principle, we only collect the personal data you provide when you use the Services and, as applicable, when you use fee-based services. Personal data is data that contains information on personal or factual circumstances. When you place an order through our website, you are required to provide your name, address, e-mail address and payment information.
Sometimes we also need to ask you for personal data like your name, address, e-mail address and telephone number in order to process your inquiries or to provide support to you.
In addition, we collect data in the context of a voluntary participation in inquiries and surveys. We only disclose personal data to cooperating companies or external service providers where this is required or permitted by law, in particular for the performance of contracts, for processing payments, for protecting other users, or for the prevention of threats to national or public security, or for the prosecution of criminal offences.
Your legitimate interests will be considered in accordance with the statutory data protection regulations.
We treat all of this information confidentially and in compliance with the statutory data protection regulations. As a matter of principle, we do not disclose such information to third parties without your consent unless this is required for the performance and execution of the contract, for processing your inquiry, or for providing support services to you, or unless it is permitted pursuant to the statutory data protection regulations.
Where we obtain data subjects’ consent for processing operations involving personal data, the processing of personal data is based on Art. 6 (1)(a) of the EU General Data Protection Regulation (GDPR).
The legal basis for processing personal data which is necessary for the performance of a contract to which the data subject is a party, is Art. 6 (1)(b) GDPR. This also applies to processing operations that are necessary for taking steps prior to entering into a contract.
Where the processing of personal data is necessary to comply with a legal obligation to which our company is subject, processing is based on Art. 6 (1)(c) GDPR.
In the event that personal data needs to be processed in order to protect the vital interests of the data subject or another natural person, processing is based on Art. 6 (1)(d) GDPR.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests or the fundamental rights and freedoms of the data subject do not override that legitimate interest, processing is based on Art. 6 (1)(f) GDPR.
We collect and process data in order to enable your use of the services. For instance, this includes processing personal data for the purpose of data security, the stability and operational safety of our system, and for billing purposes. Also we process data in order to assist you with support inquiries. Data is also processed to detect and prevent a misuse of the Services, e.g. a use for fraudulent purposes. Furthermore data is processed to acquire new customers and to present advertising that we believe matches your interests.
The personal data of data subjects is erased or blocked when the purpose of storing it no longer exists. Data can also be stored beyond such time if the European or national legislator provided for this in Union law regulations, laws or other legal regulations to which the Controller is subject. Data is also blocked or erased when a storage period required by the aforementioned regulations expires unless data needs to be stored beyond such time in order to execute or perform a contract.
We have taken the steps that can reasonably be expected of us to prevent unauthorised access to your personal data and the unauthorised use or alteration of this data and minimise the related risks. Nevertheless, the provision of personal data, whether in person, by phone or over the internet, always involves risks, and the possibility of a manipulation or sabotage of technical systems cannot be excluded.
We process the information collected from you in accordance with national and European data protection law. All employees are subject to the obligation to preserve data confidentiality and comply with data protection regulations, and have been trained in this respect. Your data is transmitted in encrypted form using the SSL method.
Every time our Services are requested via our Website, our system automatically collects data and information from the system of the requesting computer. In this context we collect the following data:
The data is also stored in the log files of our system.
The legal basis for the temporary storage of the data and the log files is Art. 6 (1)(f) GDPR.
The system needs to temporarily store the IP address in order to enable the provision of the Services to the user's computer. For this purpose, the system must store the user's IP address for the duration of the session. Data is stored in log files to ensure the operability of the Services. In addition, the log files are used to optimise the Services and to ensure the security of our IT systems. Data is stored beyond the session for the purpose of fraud prevention (e.g. payment fraud, a violation of the rules of the game where one person uses multiple accounts) and for the purpose of IT security (e.g. protection against DDoS attacks). Data sets are only analysed for statistical purposes.
We delete log files after a period of fourteen days. We reserve the right to continue to store IP addresses and log files for a certain period of time even after users have used the services. This is done, in particular, to be able to prevent or investigate any cases of misuse and, in this context, to disclose such data to investigating authorities in individual cases, or to be able to fix bugs. All other data analyses use data in anonymised form where this is possible. After the expiry of this period, the IP address and the log files are deleted completely unless this information must be retained to comply with compulsory legal obligations or unless specific investigations by law enforcement authorities or misuse investigations are pending. These purposes also reflect our legitimate and overriding interest in data processing in accordance with Art. 6 (1)(f) GDPR.
Data is erased when it is no longer needed to achieve the purpose of its collection.
The collection of the data for the provision of the Services and the storage of the data in log files are absolutely necessary to ensure that Services can be operated with as few interruptions as possible. Consequently, users do not have a right to object.
In the context of our Services we provide a support ticket system which can be used to contact us electronically by sending an e-mail to support@giants-software.de. Where users use this option, the data entered is transmitted to and stored by us. This data consists of:
The data collected in this context is not disclosed to third parties. The data is exclusively used to process the inquiry.
The processing of data that is transmitted in the context of sending an e-mail is based on Art. 6 (1)(f) GDPR. If the purpose of the contact by e-mail is to execute a contract, data processing is also based on Art. 6 (1)(b) GDPR.
We only process the personal data to process the e-mail. Where users contact us by e-mail, this also reflects our necessary legitimate interest in processing the data. All other personal data processed while the e-mail is being submitted is used to prevent a misuse of the contact form and to ensure the security of our IT systems.
Data is erased when it is no longer needed to achieve the purpose of its collection, but at the latest one month after the inquiry has been taken care of.
When users contact us, they can object to their personal data being stored at any time. In this case, the correspondence cannot be continued. All personal data that was stored in the context of the user's contacting us will be deleted in this case.
We use “cookies”, i.e. text files or pixels that are stored on the user's display device. Cookies are technologies that are used to collect certain user-specific settings and technical information which allow identification of the user. We use cookies to make our Services more user-friendly. Some elements of our Services require the ability to identify the user. We also use cookies that allow us to analyse user behaviour. Cookies are stored on the user's display device.
There are permanent cookies, which remain on your display device for an extended period of time, and session cookies, which are stored on your display device temporarily and are deleted after the services have been closed.
We use essential cookies, function cookies and performance cookies.
Essential cookies. These cookies are necessary for using the services. Without these essential cookies, we may not be able to make certain services or features available to you, or the presentation of the Services may not be free of errors.
Function cookies. Function cookies allow us to recognise your default settings and to provide enhanced features which better match your needs. For example, they enable us to personalise the Services and to recognise whether we have asked you about certain things or whether you have requested certain services. All of these features help us improve the Services for you.
The following is a list of the cookies placed by us:
The following is a list of the cookies placed by third parties:
Upon users’ first use of the Services, they are informed about the use of cookies. If users do not want cookies to be stored on their display device, or if they want to delete a cookie that was stored or want to be notified when cookies are stored, they can change the settings of their browser or mobile end device accordingly. Information on how to perform each of these actions can be found in the browser's Help section. We would like to expressly point out that it may not be possible to fully use all of the features of the Services in this case.
If you reach our Services through third parties, these third parties may place cookies. This is beyond our control. Please review the privacy notices of these third parties.
The legal basis for processing personal data using cookies is Art. 6 (1)(f) GDPR. The legal basis for the storing of cookies on the end-user-device is sec. 25 para. 2 TDDDG.
The purpose of using cookies that are technically necessary is to simplify the use. Some features of our Services cannot be offered without using cookies. User data collected through technically necessary cookies is not used to create user profiles. These purposes also reflect our legitimate interest in processing the personal data in accordance with Art. 6 (1)(f) GDPR.
Cookies are stored on the user's device and are transmitted to us by that device. Consequently you, as the user, have complete control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser or mobile device. Any cookies already stored can be deleted at any time. This can also be done automatically. Where cookies are disabled, users may no longer be able to fully use all features of the Services.
The Google Tag Manager is a product of Google Inc. The company responsible for the European region is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The Tag Manager is a helpful marketing program to track user behavior and because of this we want to inform you about it in our privacy policy.
Google Tag Manager is an organizational tool that allows website tags to be managed and integrated centrally and via a user interface. Tags are small sections of code that record user activity, for example. The tags are often set by Google-internal products such as Google Ads or Google Analytics and can then be integrated and managed by other companies using the Tag Manager. For example, the tags are used to collect browser data, feed marketing tools, set cookies, etc. (Across multiple websites)
No cookies will be set, but only managed via them, i.e. forwarded to various analysis tools and thus Google only receives anonymized data.
The use of the Google Tag Manager requires the consent of the user. This was obtained with our cookie popup and is based on Art. 6 para. 1 lit. a GDPR (consent) so that we may process the personal data.
We would also like to point out Google's privacy policy: https://policies.google.com/privacy
On the basis of our legitimate interests (i.e. the interest in the analysis, optimisation and efficient operation of our website within the meaning of Art. 6 (1)(f) GDPR), we use Google Analytics, a web analytics service provided by "Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland". (“Google”). Google uses cookies. In general, the information on the users’ use of the website generated by the cookie is transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield agreement and thereby provides a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyse users’ use of our website, compile reports on the activities carried out within this website and to provide to us further services related to the use of this website and of the internet. The data processed can be used to create pseudonymous usage profiles of users.
We only use Google Analytics with IP anonymisation. This means that the users’ IP address is shortened by Google within Member States of the European Union or in other States party to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases.
The IP address transmitted by the users’ browser will not be combined with other Google data. Users can prevent cookies from being stored by selecting the respective setting in their browser software; in addition, users can prevent the data generated by the cookie and related to their use of the website from being collected and processed by Google by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout.
Further information regarding the use of data by Google and the options for stopping such use and objecting to it is available on Google's web pages: https://www.google.com/intl/de/policies/privacy/partners („Use of data by Google when you use our partners’ websites or apps“), https://www.google.com/policies/technologies/ads („Use of data for advertising purposes“), https://www.google.com/settings/ads („Manage information used by Google to display advertising to you“).
We use the web analytics services Amazon Conversion Pixel and Amazon Remarketing Pixel provided by Amazon of Amazon.com, Inc., 410 Terry Ave. North Seattle, WA, USA. By visiting this website, Amazon will receive the information that you have accessed our website. For this purpose, Amazon retrieves a “web beacon” (invisible graphics) and places a cookie on your computer in this process. In this context, the data specified in the section “Data processing on this website” of this Privacy Policy will be sent to Amazon. The IP address that is transmitted by your browser in this context will not be combined with other Amazon data. Amazon uses the cookie placed by it to recognise you on other websites, in apps and within services provided by Amazon and, as applicable, display personalised advertising to you. You can prevent cookies from being stored by selecting the respective setting in your browser software. However, we would like to point out that you may not be able to fully use all of the features of this website in this case. In addition, you can prevent the data generated by the cookie and relating to your use of the website from being collected and processed by Amazon by clicking on the following link and selecting the setting “Do not personalise advertising displayed by Amazon for this browser”: https://www.amazon.de/adprefs. In this case, an opt-out cookie is placed in your browser which will prevent any future collection of your data by the Amazon pixels when you visit our website. This objection will remain in effect until you delete the opt-out cookie. Amazon provides further information regarding the collection of data at: https://www.amazon.de/gp/BIT/InternetBasedAds.
We do not have any control over the data collected or any knowledge of the full scope of the data being collected. This data will be transmitted to the USA and will be analysed there. Beyond the privacy policy mentioned above, you can request further information regarding the purpose and scope of the data collection and processing, as well as further information on your respective rights and settings options for the protection of your privacy, from: Amazon EU S.à.r.l, Amazon Services Europe S.à.r. l. and Amazon Media EU S.à.r. l., all three of them with a registered office at 5, Rue Plaetis, L-2338 Luxembourg; e-mail: ad-feedback@amazon.de. The data processor is Amazon.de GmbH, Marcel-Breuer-Str. 12, 80807 Munich, Germany.
On our website, we use Tiktok Pixel, Reddit Pixel and Snap Pixel to understand and track activities of visitors of our website. In doing so, the above code snippets collect information about visitors to our website or the devices they use (so-called event data).
The advertiser tools were developed by:
TikTok Pixel
Reddit Pixel
Snap Pixel
The event data collected via the Pixels is used for targeting our ads, improving ad delivery and for personalized advertising. For this purpose, the event data collected on our website by means of the pixels is transmitted to Google Ads.
Some of this event data is information that is stored in the device you are using. In addition, cookies are also used via the Pixels, via which information is stored on your end device used. Such as storage of information by the Pixels or access to information that is already stored in your device only takes place with your consent.
The legal basis for the collection and transmission of personal data is therefore Art. 6 para. 1a GDPR. This collection and transmission of the event data is carried out by us the Pixel as joint controller. The legal basis for the storing of the data on the end-user-device is sec. 25 para. 1 TDDDG.
TikTok, Reddit and also Snap process data in the USA, among other places. As a basis for data processing with recipients located in third countries (outside the EU, i.e. in particular the USA), companies use so-called standard contractual clauses (Art. 46 (2) & (3) GDPR). Those model templates are intended to ensure that third countries also comply with European data protection standards when personal data is stored there. Tiktok, Reddit and Snap thus undertake to comply with any conformities.
For the subsequent processing of the transmitted event data, the above pixels are the sole controller. For more information on how the personal data is processed, including the legal basis of the processing and the possibilities to exercise your rights, please refer to the individual data processing terms and conditions:
TikTok: https://ads.tiktok.com/i18n/official/article?aid=300871706948451871
Reddit: https://redditinc.force.com/helpcenter/s/article/Advertiser-Measurement-Program-Terms Punkt 3
Snap: https://snap.com/en-US/terms/standard-contractual-clauses
We use Facebook Pixel on our website. This allows Facebook to track user actions if you visit our website through Facebook Ads and for example if you purchase a product on our website cookies are set by Facebook Pixel. This allows Facebook to match the user data (customer data such as IP address, user ID) with your Facebook account data. For us, this data is anonymous and not visible.
With Facebook Pixel we are able to show our products to people who are also interested in them and thus tailor our advertising measures to the wishes and interests of the users, i.e. as a Facebook user (provided personalized advertising has been allowed) you get to see the appropriate advertising. Furthermore, Facebook uses the data for analysis purposes and its own advertisements.
Note: Within Facebook, you can customize your ad settings yourself.
https://www.facebook.com/adpreferences/advertisers/
Facebook processes data in the USA, among other places. As a basis for data processing at recipients located in third countries (outside the EU, i.e. in particular the USA), Facebook uses so-called standard contractual clauses (Art. 46 (2) & (3) GDPR). These templates are intended to ensure that third countries also comply with European data protection standards when personal data is stored there. Facebook thus undertakes to comply with any conformities.
Facebook's data processing terms and conditions, which comply with the standard contractual clauses, can be found here:
https://www.facebook.com/legal/terms/dataprocessing
We maintain web pages in social networks and on social media platforms in order to communicate with customers, potential customers and users who are active there, and to inform them about our Services there. When you access these networks and platforms, the general terms and conditions and the data processing policies of the relevant operator apply. Unless otherwise specified in our Privacy Policy, we process users’ data when they communicate with us in social networks and on social media platforms, e.g. create contributions on our web pages or send us messages. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and the efficient operation of our web pages within the meaning of Art. 6 (1)(f) GDPR), we place links to these third-party services on our web pages.
This always requires that the third parties who provide this content can see users’ IP address because they cannot send the content to their browser without the IP address. Consequently, the IP address is required to display this content. We strive to only use content which is provided by parties that use the respective IP address solely for purposes of delivering said content. Third-party providers may also use “pixel tags” (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” make it possible to analyse information, such as visitor traffic on the various pages of this website. The pseudonymous information may also be stored in cookies on the users’ device and may contain, for example, technical information regarding the browser and the operating system, information on referring websites and times of website visits, as well as further information regarding the use of our web pages. It may moreover be combined with similar information from other sources.
We embed video content provided by YouTube into our Services. YouTube is a service provided by “Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland” (“Google”). For this purpose, we request the respective content from Google servers. If you are logged into Google with your Google account, Google is able to combine your surfing behaviour with other data. Google's privacy policy applies: https://policies.google.com/privacy.
Our website provides the opportunity to submit contributions to a forum. The forum also requires registration with a user name, your e-mail address and a password. You can use a pseudonym to register. We only store this data to allow users to log in. Your password is encrypted. Nevertheless, we recommend that users do not use the same password on different websites. The password allows users to access their account in the forum, so please keep it in a safe place and do not disclose it to third parties. If you do not remember your password for your account, you can use the “I forgot my password” function of the phpBB software. This process will ask you to enter your user name and your e-mail address, then the phpBB software will generate a new password that will allow you to get your account back.
The forum is operated by the provider phpBB Deutschland e. V., Sandweg 17, 70771 Leinfelden-Echterdingen (“phpBB”). phpBB generates multiple cookies when you visit the forum. Cookies are small text files which the browser stores as temporary files. Two of these cookies contain a unique user number (user ID) and an anonymous session number (session ID) which is automatically assigned to the user by phpBB. A third cookie is generated once a user has visited topics and is used to store information on the contributions read by the user in order to be able to mark any contributions not yet read. Further information is collected when information is sent to the operator. This may include contributions created as a guest, data that is collected in the context of the registration, and the messages created by a user after he/she has registered with the forum. Further information on how your data is used by the operator is available at: https://www.phpbb.com/community/ucp.php?mode=privacy.
The legal basis for using your data is Art. 6 (1)(b) GDPR because we will execute a contract regarding the use of the forum. Where we or phbBB use the data to improve the Services, this use is justified in accordance with Art. 6 (1)(f) GDPR. There is an overriding interest in improving the Services.
We offer the opportunity to create user-generated content using the GIANTS SDK (“User-Generated Content”). The GIANTS SDK provides access to various tools that allow to create and share User-Generated Content, e.g. an editor (“Tools”). In order to use the Tools, users must register with the GIANTS Developer Network. For this purpose they must provide their e-mail address and a password. We only use this data to administrate the GIANTS Developer Network; it will not be disclosed to third parties. The legal basis for using your data is Art. 6 (1)(b) GDPR because we will execute a contract regarding the use of the GIANTS Developer Network.
We offer a platform (“ModHub”) for user-generated content created with GIANTS SDK (“User-Generated Content”). The GIANTS SDK provides access to various tools with which to create and share User-Generated Content. Users can upload User-Generated Content created by them using the ModHub. For this purpose they must register by providing an e-mail address and a password. We only use this data to administrate the ModHub; such data will not be disclosed to third parties. The tools transmit the IP address and the users’ access to files to us to enable the user to access the interface (API). The legal basis for using your data is Art. 6 (1)(b) GDPR because we will execute a contract regarding the use of the ModHub.
Our app is analyzed with technologies from AppsFlyer Inc. (111 New Montgomery Street, San Francisco, California 94105). Various session and interaction data are collected from you and stored for this purpose. We need this information to improve the content and usability of our games and to optimize the user experience for you. The session and interaction data are at no time processed in personalized form, but under a pseudonym. For more information on data processing by AppsFlyer, please refer to the privacy policy of the provider: https://www.appsflyer.com/privacy-policy/.
The legal basis for use is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you do not wish to be tracked by AppsFlyer in the future, you can opt out at any time here: https://www.appsflyer.com/optout
AppsFlyer is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation https://www.privacyshield.gov/participant?id=a2zt0000000GnUZAA0&status=Active
This does not apply to Apple Arcade's Farming Simulator 20+ version.
At events, pictures, video and / or audio recordings will be made of people inside the venue.
By participating, each visitor agrees that those responsible for the event organization, may record / visually document the event on the basis of a legitimate interest and may share these with the wider public, for example on social media channels or websites (Art. 6(1) GDPR).
For the provision of the applicant portal, we use the service provider
SmartRecruiters GmbH
Wilhelmstraße 118
10963 Berlin
SmartRecruiters offers an applicant platform as a service. The use of SmartRecruiters takes place pursuant to Art. 6 para. 1 p. 1 lit. f GDPR based on our legitimate economic interest to evaluate and manage applications in an applicant management system and to conduct an efficient application process.
In connection with the provision of the applicant portal, SmartRecruiters processes personal data on our behalf that arises from the following actions of the User:
SmartRecruiters adheres to standard contractual clauses for the handling of personal data.
Please refer to the privacy policy of SmartRecruiters: https://www.smartrecruiters.com/de/legal/candidate-privacy-policy
The following information refers to the use of the Farming Simulator.
If the Farming Simulator is downloaded via our website (www.farming-simulator.com), we process the personal data required for the purchase the Farming Simulator and technical data to enable the download as such.
When you make a purchase, we process personal data that is required to complete the purchase process. This includes
In order to technically enable the download of Farming Simulator, it is necessary to process
the following technical personal data:
We process the personal data of the data subject for the execution of the contract concluded with him/her and therefore on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR. The data will be erased as soon as there is no longer a legal basis (e.g. retention obligations under tax law) for the processing of the personal data.
Note: If the Farming Simulator is obtained via external platforms, we have no influence on the data processing of the platform operators and the respective platform operator is responsible for data protection. Their terms of use and data protection notices apply.
The use of Farming Simulator requires prior activation. The product key provided is checked and the corresponding host ID is saved.
We process this personal data of the data subject for the execution of the contract concluded with the data subject and thus on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR. The data will be deleted as soon as there is no longer a legal reason to retain the personal data.
No personal data is collected during the subsequent use of the Farming Simulator.
We use troubleshooting tools to ensure the usability of the Farming Simulator.
If Lua errors occur while using the Farming Simulator, they are automatically recorded by us. The Lua call stack is a data structure that is used to track the sequence of function calls in a Lua program. It helps to understand the current state of the program. When recording Lua errors, the following technical data is recorded:
This technical data needs to be processed in order to better understand the error and restore the functionality of the game. The processing of the technical data (which enables a personal reference in absolutely exceptional cases) is carried out in order to enable the execution of the user contract with the data subject and thus on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR. We delete the technical personal data as soon as it is no longer required to fix the Lua error.
In the exceptional event that the Farming Simulator crashes, we have developed a crash dump upload service that allows the user to provide us with the data that led to the program crash so that we can better prevent future program crashes. This includes data such as the user's hardware setup and software settings.
This technical data is processed - insofar as it enables a personal reference in exceptional cases - on the basis of the consent given by the data subject within the meaning of Art. 6 para. 1 sentence 1 lit. a GDPR, which the data subject can revoke at any time. We store this technical personal data for as long as it is required to resolve the problem or until the data subject withdraws their consent.
Where your personal data is processed, you are the “data subject”, as defined in the GDPR, and you have the following rights vis-à-vis the Controller:
You have the right to demand that the Controller confirm to you whether it is processing personal data concerning you. Where such processing exists, you can request the following information from the Controller:
You have the right to request information as to whether the personal data concerning you is being transferred to a third country or to an international organisation. In this context you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
You have the right to have the Controller rectify and/or complete data where the personal data concerning you being processed is inaccurate or incomplete. The Controller must rectify this data without undue delay.
You have the right to demand that the Controller restrict the processing of personal data concerning you if the following applies:
Where processing of the personal data concerning you has been restricted, such personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. Where the processing was restricted in accordance with the aforementioned conditions, you will be informed by the Controller before the restriction of processing is lifted.
You may demand that the Controller erase the personal data concerning you without undue delay where one of the following reasons applies:
Where the Controller has made the personal data concerning you public and is obliged to erase the personal data concerning you in accordance with Art. 17 (1) GDPR, it has the following duty: It must take reasonable steps (including technical measures, taking into account the available technology and the cost of implementation) to notify third-party companies which are controllers that you have requested the erasure of all links to, or copies of, such personal data.
The right to erasure does not apply where processing is necessary
Where you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the Controller, the Controller has a duty to communicate this rectification or erasure of the data or the restriction of processing to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.
You have the right to receive the personal data concerning you which you have provided to the Controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit that data to another controller without hindrance by the Controller to which the personal data has been provided, where the processing is based on consent pursuant
When exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where this is technically feasible. This right must not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
You have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you that is based on Art. 6 (1) (e or f) GDPR at any time; this also applies to profiling which is based on these provisions. In such an event, the Controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the data is being processed for the establishment, exercise or defence of legal claims. Where personal data concerning you is processed for the purposes of direct marketing, you have the right to object to the processing of personal data concerning you for that purpose at any time; this also applies to profiling where profiling is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
You have the right to revoke your consent given for data protection law purposes at any time. Revoking your consent does not affect the lawfulness of any processing performed based on the consent until such revocation.
You have the right not to be subject to a decision which is based solely on automated processing – including profiling – and which produces legal effects concerning you or similarly significantly affects you. This does not apply where the decision
a) is necessary for entering into or performing a contract between you and the Controller,
b) is authorised by Union or Member State laws to which the Controller is subject and where these laws also contain suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) is made with your explicit consent.
However, these decisions must not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2)(a or g) applies and suitable measures to safeguard the rights and freedoms and your legitimate interests are in place. With respect to the cases mentioned in subsections (a) and (c), the Controller must implement suitable measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the Controller, the right to express your own point of view and the right to contest the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged violation, if you believe that the processing of the personal data concerning you violates provisions of the GDPR. The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.