Privacy Policy

---

1. Information about the collection of personal data and contact details of the controller
2. Data collection when visiting our website
3. Cookies
4. Contacting us
5. Data processing when opening a customer account and for contract processing
6. Use of single sign-on procedures
7. Use of your data for direct advertising
8. Data processing for order processing
9. Contacting us for review reminders
10. Use of social media: social plugins
11. Tools and other information
12. Rights of the data subject
13. Duration of storage of personal data

1. Information on the collection of personal data and contact details of the controller

1.1. Thank you for visiting our website. Below, we would like to inform you about how your personal data is handled when you use our website. Personal data is essentially all data that can be used to personally identify you.

1.2. The controller responsible for processing data on our website within the meaning of the General Data Protection Regulation (GDPR) is:

NORFRI Futtermittelh. GmbH
Siehdichfürstrasse 38
2231 Strasshof
Austria
Tel.: +43 (0)678 / 680 17 72
E-Mail: info@futterscheune.shop

1.3. The controller has appointed the following data protection officer:

Kristina Rögner
Rosengasse 4-6
2120 Obersdorf
Tel: +43 (0)676 / 8996 8663
E-Mail: grafik@futterscheune.at

1.4. To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL or TSL) over HTTPS.

2. Data collection when visiting our website

Every time you visit our website, our system automatically records data and information that your browser transmits to our server (so-called "server log files"). The following data, which is technically necessary for us, is collected:

• The website we visited
  
• Date and time of access
• Amount of data sent in bytes
• Source/reference from which you accessed the site
• Operating system used
• Browser used
• IP address used (if applicable: in anonymized form)

The legal basis for processing is Art. 6 (1) (f) GDPR due to our legitimate interest in improving the stability and maintaining the functionality of our website. The data will not be passed on or used for any other purpose. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. We reserve the right to subsequently review the server log files should there be concrete evidence of illegal use. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session ends. If the data is stored in log files, this is the case after seven days at the latest. Longer storage is possible. In this case, the users' IP addresses are deleted or distorted, so that the accessing client can no longer be identified. The collection of data to provide the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, the user has no right of objection.

4.460 / 5.000 3. Cookies

Our website uses cookies. Cookies are text files that are stored on the user's device. When a user accesses a website, a cookie may be stored on the user's operating system. Some functions of our website cannot be offered without the use of cookies. This requires that the browser is recognized even after changing pages. The user data collected by technically necessary cookies is not used to create user profiles. Our legitimate interest in processing personal data for the above-mentioned purposes also lies in accordance with Art. 6 (1) (f) GDPR.

In addition, our website may use cookies that enable an analysis of user surfing behavior (so-called third-party cookies). Further information on the scope, purpose, legal basis, and options for objection can be found in the relevant sections of the respective chapter of this Privacy Policy.

As a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate, restrict, or delete the transmission of cookies. If you deactivate cookies for our website, you may no longer be able to use all of the website's functions to their full extent. You can prevent the transmission of Flash cookies by changing the Flash Player settings.

Help with settings can be found in your browser's help menu at the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Some of the cookies used here are deleted after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser the next time you visit (persistent cookies). When cookies are set, they collect and process certain user information, such as browser and location data, as well as IP address values. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.


4. Contacting us

If you contact us via the contact form, the data entered in the input mask will be transmitted to us and stored. The data collected can be found in the respective input mask. When you contact us by email, only the data you enter there will be transferred to us.
The data will be used exclusively for processing the conversation and your request. The legal basis for processing the data, if the user has given their consent, is Art. 6 (1) (a) GDPR. The legal basis for processing the data transmitted in the course of sending an email is Art. 6 (1) (f) GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and unless there are statutory retention periods to the contrary. For personal data from the contact form input mask and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved. The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

4.785 / 5.000 5. Data processing when opening a customer account and for contract processing

If you open a customer account with us, personal data will be collected and processed in accordance with Art. 6 (1) (b) GDPR. The scope of the data is evident from the input form. The data you enter will be stored and used by us for contract processing.
You can delete your customer account at any time. This can be done by sending a message to the responsible party's address or, if offered, directly in your customer account. In this case, we will also block your data in accordance with tax and commercial retention periods and delete it after these periods have expired. This can only be contradicted by your consent to permanent storage or by a legally permitted further use of the data on our part.

6. Use of Single Sign-On Procedures

Facebook Connect Sign-in

We use "Facebook Connect" on our website, a plug-in from the social network Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) (hereinafter referred to as "Facebook").
This allows you to create a customer account or log in using the so-called Single Sign-On technology if you have a Facebook profile. When you visit one of our websites that has such a plug-in, your browser establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted directly from Facebook to your browser and integrated into the page. This informs Facebook that your browser has accessed the respective website, even if you do not have a Facebook profile or are not logged into Facebook at the time. This information (including your IP address) is transmitted directly from your browser to a Facebook server and stored there; transmission to the USA is also possible.

Our legitimate interest lies in enabling a quick and uncomplicated registration process for our customers. The legal basis is therefore Art. 6 (1) (f) GDPR.

Facebook's legitimate interest lies in displaying personalized advertising based on users' surfing behavior. The legal basis is therefore Art. 6 (1) (f) GDPR.

You can also register and log in to our website using your Facebook data without using the Facebook button.

Only if you have given your express consent to the exchange of data with Facebook before the registration process in accordance with Art. 6 (1) (a) GDPR will we receive the general and publicly accessible information stored in your profile from Facebook when you use the Facebook button. This transfer only takes place in accordance with your personal data protection settings on Facebook. This information includes, among other things, the user ID, name, profile picture, age, and gender.

Please note that, following changes to Facebook's privacy policy and terms of use, your profile pictures, your friends' user IDs, and your friends list may also be transferred if you have marked them as "public" in your Facebook privacy settings.

The data transmitted to us by Facebook will be stored and processed by us to create a user account with the necessary data. Based on your consent, we may also transfer data (e.g., information about your browsing or purchasing behavior) to your Facebook profile.

Your consent can be revoked at any time by sending a message to the person responsible for processing your data.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum. Further information can be found in Facebook's privacy policy: http://www.facebook.com/policy.php. Further information can be found in Facebook's privacy policy: http://www.facebook.com/policy.php. If you do not wish the data collected on our website to be associated with your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the Facebook plug-in from loading using add-ons for your browser, such as "Adblock Plus" (https://adblockplus.org/de/).

7. Use of your data for direct advertising

7.1. Newsletter

On our website, you have the option of subscribing to a free newsletter. When you register for the newsletter, the data from the input form will be transmitted to us. The only mandatory information is your email address. If you make further voluntary entries, these will only be used for personal contact.

The legal basis for processing your data after registering for the newsletter is Art. 6 (1) (a) GDPR, provided the user has given their consent. We obtain this consent by sending you a confirmation email containing a confirmation link after registering for the newsletter. By clicking on this link, you also consent to receive the newsletter.
When you submit your newsletter registration, we save your IP address as well as the date and time of registration. This storage serves to trace any possible misuse of your email address.

We use the data we collect when you register for the newsletter exclusively for the purpose of sending the newsletter.

You can cancel your newsletter subscription at any time. For this purpose, there is a corresponding link in every newsletter. This also allows you to revoke your consent to the storage of the personal data collected during the registration process.

7.2. CleverReach
We send our newsletter via the service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede (hereinafter referred to as "CleverReach"). We pass on the data you provided when you register for the newsletter to CleverReach. This disclosure is carried out in accordance with Art. 6 (1) (f) GDPR due to our legitimate interest in using a secure, user-friendly, and effective newsletter system. The data entered when subscribing to the newsletter (e.g., email address) will be stored on CleverReach's servers in Germany or Ireland. Your data will be used by CleverReach to send and statistically evaluate the newsletter on our behalf. For this purpose, the newsletter emails contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to track whether a newsletter email has been opened and which links have been clicked. This conversion tracking also makes it possible to track whether an action (such as purchasing an item from our shop) was performed after opening a link in the newsletter. Technical information is also recorded (e.g., the time of access, your IP address, browser type, and/or operating system). This data is collected exclusively in pseudonymized form and is not linked to your other personal data. If you do not wish to receive the data analysis described here, you must unsubscribe from the newsletter. A data processing agreement exists with CleverReach. Further information on CleverReach's data analysis can be found here: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/ CleverReach's privacy policy can be found here: https://www.cleverreach.com/de/datenschutz/

8. Data processing for order processing

8.1. If you wish to order from our online shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. We process the data you provide to process your order.

We sometimes work with external service providers to process your order. For this purpose, we must pass on the necessary personal data.

If we commission a transport company to deliver your goods, we will pass on your data required for the delivery of the goods to the respective transport company. For the processing of payments, we will pass on your data to the commissioned credit institution as necessary. If we use payment service providers, you will also be informed of this below.
The legal basis for the transfer of your data is Art. 6 (1) (b) GDPR.

8.2. Transfer of your personal data to shipping service providers

- DHL

If the goods are delivered to you by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will only pass on the recipient's name and delivery address to DHL for the purpose of delivery and to the extent necessary pursuant to Art. 6 (1) (b) GDPR. Only if you have given your express consent during the ordering process will we pass on your email address to DHL in accordance with Art. 6 (1) (a) GDPR before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification. Your consent can be revoked at any time with future effect by notifying the above-mentioned responsible party or the transport service provider DHL.

- DPD

If the goods are delivered to you by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we will only pass on the recipient's name and delivery address to DPD for the purpose of delivery and to the extent necessary in accordance with Art. 6 (1) (b) GDPR. Only if you have given your express consent during the ordering process will we pass on your email address to DPD in accordance with Art. 6 (1) (a) GDPR before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification. Your consent can be revoked at any time with future effect by notifying the above-mentioned responsible party or the transport service provider DPD.

- GLS

If the goods are delivered to you by the transport service provider GLS (General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1 – 7, 36286 Neuenstein), we will only pass on the recipient's name and delivery address to GLS for the purpose of delivery and to the extent necessary in accordance with Art. 6 (1) (b) GDPR. Only if you have given your express consent during the ordering process will we pass on your email address to GLS prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification in accordance with Art. 6 (1) (a) GDPR. Your consent can be revoked at any time with future effect by contacting the person responsible named above or the transport service provider GLS.

- UPS
If the goods are delivered to you by the transport service provider UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), we will only pass on the recipient's name and delivery address to UPS for the purpose of delivery and to the extent necessary in accordance with Art. 6 (1) (b) GDPR. Only if you have given your express consent during the ordering process will we pass on your email address to UPS in accordance with Art. 6 (1) (a) GDPR before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification. Your consent can be revoked at any time with future effect by contacting the controller named above or the transport service provider UPS.

- Stripe
If you select a payment method from the payment service provider Stripe, payment processing will be carried out via Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (hereinafter referred to as "Stripe").
We will pass on your personal data, along with information about your order (name, address, account number, bank sort code, credit card number (if applicable), invoice amount, currency, and transaction number), to Stripe in accordance with Art. 6 (1) (b) GDPR exclusively for the purpose of payment processing and only to the extent necessary.

- PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "installment payment" via PayPal, we will pass your payment data on to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), as part of the payment processing. The transfer takes place in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be transferred to credit agencies in accordance with Art. 6 (1) (f) GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check regarding the statistical probability of default for the purpose of deciding whether to provide the respective payment method. The credit check may contain probability values ​​(so-called score values). To the extent that score values ​​are included in the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, among other things, but not exclusively, address data. Further information on data protection, including information on the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.

- Secupay
If you choose to pay by credit card with the payment service provider secupay, the payment will be processed by the payment service provider secupay AG, Goethestraße 6, 01896 Pulsnitz, to whom we will pass on the information you provided during the ordering process, along with the information about your order, in accordance with Art. 6 (1) (b) GDPR. Your data will be shared exclusively for the purpose of processing payments with the payment service provider secupay and only to the extent necessary for this purpose.
If you select the payment methods "Purchase on account" via secupay or "Direct debit" via secupay, you will be asked during the ordering process to provide your personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, bank sort code, and account number). In order to protect our legitimate interest in determining our customers' solvency, we will forward this data to secupay AG, Goethestr. 6, 01896 Pulsnitz, Germany, (“secupay”) for the purpose of a credit check in accordance with Art. 6 (1) (f) GDPR. Based on the personal information you provide and other data (such as shopping cart, invoice amount, order history, and payment experience), Secupay checks whether the payment option you have selected can be granted with regard to payment and/or default risks. In addition to secupay's internal criteria pursuant to Article 6 (1) (f) GDPR, identity and creditworthiness information from the following credit agencies may also be used to make decisions during the application review process: - infoscore Consumer Data GmbH (arvato), Rheinstraße 99, D-76532 Baden-Baden, Tel.: +49 (0)7221-5040-1000, Fax: -1001 - Creditreform Boniversum GmbH, Hellersbergstraße 11, D-41460 Neuss, Tel.: +49 (0)2131-109-501, Fax: -557
- EOS Payment Solutions GmbH, Steindamm 80, 200 Hamburg
The credit report may contain probability values ​​(so-called score values). To the extent that score values ​​are included in the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to the data controller or to Secupay. However, Secupay may still be entitled to process your personal data if this is necessary for contractual payment processing.

9. Contact regarding a review reminder

9.1. Your own review reminder

After your express consent in accordance with Art. 6 (1) (a) GDPR, you will receive an email from us as a one-time reminder to submit a review of your order. You can revoke your consent at any time by sending a message to the person responsible for processing your data.

9.2. Review reminder via Google Customer Reviews

Based on your express consent in accordance with Art. 6 (1) (a) GDPR, we will transmit your email address to the Google Customer Reviews rating platform (© Google Ireland Ltd. Gordon House, Barrow Street, Dublin 4, Ireland, (www.google.de)). You will receive a review reminder from Google via email.
You can revoke your consent at any time by sending a message to the person responsible for processing your data or to Google.

10. Use of Social Media: Social Plugins

10.1. Facebook as a Standard Plugin

We use social plugins ("plugins") from the social network Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) (hereinafter referred to as "Facebook") on our website.

You can usually recognize the plugins by the Facebook logo, usually a white "f" on a blue background. Other versions of the Facebook plugin can be viewed here: https://developers.facebook.com/docs/plugins When you visit one of our websites that contains such a plugin, your browser establishes a direct connection to the Facebook servers and transmits the plugin content directly to your browser, even if you don't have a Facebook profile or aren't currently logged into Facebook. This information (including your IP address) is transferred directly from your browser to a Facebook server in the USA and stored there. If you are logged into Facebook at the relevant time, Facebook can directly associate your visit to our website with your Facebook profile. If you interact with a plugin (e.g., click the "Like" button or comment), this information is also transferred directly to a Facebook server and stored there. The promotions can be published on your Facebook profile and displayed to your Facebook friends.

Our legitimate interest lies in displaying personalized advertising and exploiting the full financial potential of our website. The legal basis is Art. 6 (1) (f) GDPR.

Facebook's legitimate interest lies in displaying personalized advertising and tailoring the service to meet your needs. The legal basis is Art. 6 (1) (f) GDPR.

If you do not wish the data collected via our website to be associated with your Facebook profile, you must log out of Facebook before visiting our website. You can also prevent Facebook plugins from loading using add-ons for your browser, e.g., the script blocker "NoScript" (http://noscript.net/).

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum. Further information can be found in Facebook's privacy policy: http://www.facebook.com/policy.php

10.2. Instagram as a standard plug-in

We use social plugins ("plugins") from the social network Instagram (operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) (hereinafter referred to as "Instagram") on our website.

You can usually recognize the plugins by the "Instagram camera." Other versions of the Instagram plug-in can be viewed here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.

When you visit one of our websites that contains such a plugin, your browser establishes a direct connection to the Instagram servers and transmits the content of the plugin directly to your browser, even if you do not have an Instagram profile or are not currently logged into Instagram. This information (including your IP address) is transferred from your browser directly to an Instagram server in the USA and stored there.

If you are logged into Instagram at the relevant time, Instagram can directly associate your visit to our website with your Instagram profile. If you interact with a plugin (e.g., click the "Instagram" button or comment on something), this information is also transferred directly to an Instagram server and stored there. The actions can be published on your Instagram profile and displayed to your Instagram friends.

Our legitimate interest lies in displaying personalized advertising and exploiting the full financial potential of our website. The legal basis is Art. 6 (1) (f) GDPR.

If you do not wish the data collected via our website to be associated with your Instagram profile, you must log out of Instagram before visiting our website. You can also prevent the Instagram plug-in from loading using add-ons for your browser, e.g., the script blocker "NoScript" (http://noscript.net/).

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381. Further information can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy/

11. Tools and Other

11.1. Google reCAPTCHA

We use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") in accordance with Art. 6 (1) (f) GDPR due to our legitimate interest in preventing misuse and spam.
reCAPTCHA is a function designed to ensure that an entry is made by a natural person.
The service sends your IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google.

When using Google reCAPTCHA, your personal data may also be transferred to the servers of Google LLC in the USA.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/, as well as in Google's privacy policy: https://www.google.com/policies/privacy/

11.2. Fonts.net Web Fonts

For the uniform display of fonts, we use so-called web fonts provided by Monotype GmbH, Werner-Reimers-Straße 2–4, 61352 Bad Homburg ("Fonts.net").
As soon as you access our website, your browser loads the required web fonts into the browser cache.

For this, your browser must establish a connection to the Fonts.net servers, which means that Monotype transmits your IP address. Our legitimate interest within the meaning of Art. 6 (1) (f) GDPR lies in the consistent and appealing presentation of our online offerings.

If your browser does not support web fonts, a standard font from your computer will be used.

Details on data protection at Fonts.net can be found here:
https://www.fonts.com/info/legal

12. Rights of the Data Subject

12.1. Applicable data protection law grants you comprehensive data subject rights (rights to information and intervention) vis-à-vis the controller regarding the processing of your personal data, about which we will inform you below:

- Right to information pursuant to Art. 15 GDPR: You can request confirmation from the controller as to whether personal data concerning you is being processed by the controller. In addition, you have the right to information about the purpose, the categories of personal data, the recipients, the planned duration of storage, and the existence of other rights such as the right to rectification of the data or the right to lodge a complaint with a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR when your data is transferred to third countries;

- Right to rectification pursuant to Art. 16 GDPR:
You have the right to immediate rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us; The correction or completion must be carried out immediately.

- Right to restriction of processing pursuant to Art. 18 GDPR:
You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you contest, is being verified, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise, or defend legal claims after we no longer need this data after the purpose has been achieved, or if you have lodged an objection for reasons related to your particular situation, as long as it has not yet been determined whether our legitimate reasons prevail;
If the processing of your personal data has been restricted, this data – apart from its storage – may only be used with your consent or for the purpose of asserting, exercising, or defending legal claims or for protecting the rights of another natural or legal person person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted, you will be informed by the controller before the restriction is lifted.

- Right to erasure pursuant to Art. 17 GDPR:
You have the right to have your personal data erased without undue delay if the requirements of Art. 17 (1) GDPR are met. However, this right to erasure does not apply, in particular - but not exclusively - if processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to establish, exercise, or defend legal claims.
- Right to information pursuant to Art. 19 GDPR: If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obliged to inform all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless doing so is impossible or involves disproportionate effort. You also have the right to be informed about these recipients.

- Right to data portability pursuant to Art. 20 GDPR:
You have the right to receive the personal data you have provided to us in a structured, common, and machine-readable format or to request its transmission to another controller, where technically feasible;

- Right of revocation pursuant to Art. 7 (3) GDPR:
You have the right to object at any time to the processing of personal data concerning you based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
You also have the right to revoke your consent to data protection at any time with effect for the future. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

- Right to lodge a complaint pursuant to Art. 77 GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning yourelated data violates the GDPR.

12.2. Right of Objection

You have the right to object to the processing of your data at any time with future effect if we process your data based on our overriding legitimate interest after weighing up other interests.
If you exercise this right of objection, we will stop processing your data unless there are demonstrably overriding compelling legitimate reasons that prevent termination or if further processing serves to exercise or defend legal claims.

13. Duration of Storage of Personal Data

The duration of storage of personal data depends on statutory retention periods. After this period has expired, we routinely delete the data if it is no longer required to fulfill or initiate a contract and/or if we no longer have a legitimate interest in continuing to store it.