DocCheck Community GmbH, Vogelsanger Strasse 66, D-50823 Cologne ("DocCheck") collects personal data as part of its business activities
1 Name and address of the responsible legal entity
Responsible in terms of the General Data Protection Regulation (GDPR), and other regulations and laws with data protection character is:
DocCheck Community GmbH
Vogelsanger Str. 66
Tel .: 0221-920530
The legal representative of DocCheck Community GmbH is its managing director, Frank Antwerpes
2 Name and address of the data protection officer
The data protection officer of DocCheck Community GmbH is:
Vogelsanger Str. 66
Tel .: 0221-920530
For any questions about privacy, you can contact our data protection officer directly.
3 Collection of your data
As part of your registration for DocCheck and during your usage of DocCheck personal data will be collected or updated. Data collection is performed in two ways:
1. by entering data into form fields or by sending us information by e-mail, post or fax ("Active Data Collection")
2. by logging your actions, when you use the DocCheck services ("passive data collection")
Regardless of the type of data collection, DocCheck follows the principle of data minimization. We only collect information that is necessary to fulfill the contract between you and DocCheck or is relevant for an optimal user experience.
3.1 Data that you provide
3.1.1 Basic personal data
When registering, we will collect the personal information we need to set up your DocCheck account and provide our services. These are first name, surname, profession, area of expertise, area of activity, additional names, postal code, street, residence, e-mail address and a self-chosen password. This data is assigned to an individual user ID, which is provided by DocCheck. Your password will be saved via a one-way hash function. This means it can not be recovered or read by anyone, including DocCheck. This data processing is based on art. 6 para. 1 sentence 1 letter b) GDPR.
You can also use DocCheck without signing up in read-only mode, but you will not have a user profile, can not post or upload files to DocCheck, and will not receive personalized information.
3.1.2 Proof of medical qualification
In addition, we ask you to upload a proof of your medical qualification. If you provide a proof of your affiliation to a medical profession to DocCheck, it will be stored with link to your user profile. Without your basic personal data and professional credentials, DocCheck can not review your affiliation with the medical community and can not grant access to information and services that are restricted under the EU-Directive 2001/83/EC or due to ethical reasons. You can use DocCheck without professional credentials, but you will have limited access to some services. The above-mentioned data processing is necessary to extend the functionality of your DocCheck account and is based on art. 6 para. 1 sentence 1 letter b) GDPR.
If you want, you can upload a photo to your profile on DocCheck. This photo will be publicly displayed in your profile. The data processing is based on your consent given by uploading your profile picture in accordance with art. 6 para. 1 sentence 1 letter a) GDPR.
3.1.4 Extended personal data
As part of your usage of DocCheck, we kindly ask you from time to time to provide further information after you finished your registration, e.g. which professional interests you have, if and how you would like to be contacted by eMail or if you would like to participate in market research studies. This extended personal data will be added to your user profile "non-publicly". You may delete, amend, publish or update this data at any time, depending on how much information you want to share with DocCheck and other DocCheck users. The processing of data is based on your personal consent in accordance with art. 6 para. 1 sentence 1 letter a) of the GDPR.
3.1.5 Ratings, Posts and Files
When using DocCheck, you can post reviews, write posts (e.g. comments, blogs, case reports), create author profiles (Flexikon), and upload various files (such as pictures, lectures, scripts, videos). These reviews, posts, and files are linked to your user profile. By saving your posts and/or uploading files, you agree to publish this information under your chosen authorship and privacy preference. In addition, your publications will appear under "activities" in your user profile and elsewhere on the DocCheck website. The data processing is based on your consent by using the respective functions according to art. 6 para. 1 sentence 1 letter a) GDPR. As part of the provision of our services requested by you, the data processing is also necessary for the execution of the contract and is based in this respect on art. 6 para. 1 sentence 1 letter b) GDPR. Since DocCheck can neither verify the nature nor the content of the files during the upload process, you have to ensure that the posts or files contain no personal information that violates your rights or the rights of third parties.
3.1.6 Communication data
We store the information, if you want to receive emails from DocCheck and what kind of emails you want to receive (see also section 3.1.4). When you communicate with DocCheck via email or chat or use the DocCheck platform to communicate with other users ("inMail"), we store the content of the communication and any information you choose to provide. Without the storage of this communication data, DocCheck can not perform its customer service and you can not use the DocCheck platform to exchange messages with other users. The data processing takes place in order to provide and carry out the respective communication process or in the case of your request to the customer service for answering this request and is therefore based on art. 6 para. 1 sentence 1 letter b) GDPR.
3.1.7 Market research data
3.1.8 Employer approval
If you want to take part in a market research study as an employed doctor, DocCheck needs the approval of your employer. You can send us the approval by e-mail or upload. It will be stored non-publicly with your user record as long as required by legal stipulations. The data processing is based on the legal obligation to store the evidence that such an authorization existed in accordance with art. 6 para. 1 sentence 1 letter c) and f) GDPR.
3.1.9 Bank details
If you participate in some DocCheck services, we ask for your bank details. We need this information to transfer money that you earned - i.e. from participating in market research studies or by receiving bMails. If you don't provide your bank details, we can not pay out any money you have earned on DocCheck. The data processing thus serves the fulfillment of our contractual duties, it is based on art. 6 para. 1 sentence 1 letter b) GDPR.
As part of the use of the DocCheck Shop we ask for your practice or company name, your billing address, your shipping address and your form of payment. This information is necessary for the fulfillment of the eCommerce transaction between DocCheck and you. It will be stored for the period determined by general legal requirements. Without this data, no eCommerce agreement between you and DocCheck can come into effect. The data processing is thus based on art. 6 para. 1 sentence 1 letter b) GDPR.
3.1.11 Job application data
You have the opportunity to use DocCheck for job applications and to create a public candidate profile on DocCheck. You determine the type and extent of the data provided in the candidate profile yourself. You can inform potential employers about the profile you have published. The data processing is based on your consent through the use of the application according to art. 6 para. 1 sentence 1 letter a) GDPR.
3.2 Data that is collected automatically
3.2.1 Usage data
We collect information about your interaction with the DocCheck website, such as page-calls or downloads, your search queries, the channels you subscribe to, the logins on partner sites and apps that use DocCheck as an access system, your participation in market research and other activities on the DocCheck platform. These data are mostly pseudonymised and are not visible to third parties. Above all, your usage data serves to continuously improve the individual information offered by DocCheck. In addition, usage data is statistically evaluated in order to optimize the services and the user interface of DocCheck. Your usage data will also be collected to increase privacy and data security in our organization to ensure the best possible level of protection for the personal information we process. The processing of your data takes place in this respect in our legitimate interest and is based on art. 6 para. 1 sentence 1 letter f) GDPR.
3.2.2 Technical data
DocCheck has integrated the iframes of some third-party providers into its web pages (e.g. Sketchfab, Easyzoom, Trinket, Userlike, Youtube, etc.). These iframes will collect
This data is not used to draw conclusions about you or your behaviour, but to ensure the correct presentation of the web page or iframe. Processing in this respect is in our legitimate interest and is based on art. 6 para. 1 sentence 1 letter f) GDPR.
3.2.3 E-mail data
DocCheck stores information related to the distribution of e-mails. This includes the type of e-mail, its date of delivery, the information if the e-mail was opened and events that may have taken place in the e-mail (e.g. clicking on a button). These data are aggregated and processed as anonymized statistics. The statistics are used by either DocCheck or third parties in order to analyze general user behavior regarding e-mail delivery. Furthermore, we register when you opt-in or opt-out of the various types of DocCheck e-mail.
3.2.4 Chat data
As part of the user support via chat on the DocCheck website, DocCheck stores conversations between users and support staff. The chat data is not assigned to an individual DocCheck user. Unless you don't transmit personal data within the conversation on your own initiative (for example, e-mail address), you remain anonymous. The processing of the chat data takes place for the execution of the contract and is based on art. 6 para. 1 sentence 1 letter b) GDPR.
3.2.5 Payment data
In connection with payment transactions on the DocCheck platform, we will store the payment instrument used, date and time of the transaction, payment amount, expiry date of the payment instrument and other transaction details. This information is necessary in order to adequately fulfill the contract between you and DocCheck and to enable the payment services and is based on art. 6 para. 1 sentence 1 letter b) GDPR.
3.2.6 Customer account
If you participate in bMail and market research (may not apply in your region), DocCheck will save the claims you have acquired as well as the events that justify these claims. This takes place for the execution of the contract and is based on art. 6 para. 1 sentence 1 letter b) GDPR. Since claims may be the subject of taxation, the storage period is based on legal requirements in accordance with art. 6 para. 1 sentence 1 c) GDPR.
4 Storage of your data
Your personal data is stored on DocCheck servers and is protected from unauthorized access by access controls and firewalls. The processing of user data is mainly carried out in-house. If third parties are involved in data storage or processing, they have a data processing contract that guarantees the processing of your data at the same level, that is used by DocCheck. The proof of your medical qualification and employer approvals are stored partly electronically and partly as physical documents (depending on how it has been provided). When uploading files, some file formats (e.g. videos, PDF documents, PowerPoint presentations, etc.) are stored in cloud services. No personal data is transmitted along with the file. Pseudonymised/anonymised data collected by web beacons (e.g. Google Analytics) is stored on the systems of their respective providers.
5 Visibility of your data
You can basically control the visibility of your data yourself. However, as DocCheck is a social media platform, some of your data or activities will appear publicly, e.g. your name and your profession. For other personal data you can define different levels of visibility.
The visibility levels are "private" (= only visible to you), "contacts" (= only visible to DocCheck users you follow and follow you), "DocCheck users" (= visible to all DocCheck users) and "all" (= public, i.e. also visible to users without DocCheck login). The visibility levels for your assets are "Draft" or "Private" (= only visible to you), "Medical Professionals" (= only visible to DocCheck users with a medical background), "DocCheck Users" (= visible to all DocCheck Users, i.e. also without a professional medical background) and "all" (= public, i.e. also visible to users without DocCheck login).
Some of your personal information is also visible outside DocCheck by default. These are your name and surname, your job, your area of expertise and your position. Other data is only visible, if you have shared it with a specific group of users.
You can partially disable the visibility of your data and its search engine findability. However, the texts and files you publish are publicly available and searchable if you do not set their visibility to "private" - e.g. Pictures, videos or blog posts.
If you don't understand the different visibility levels or if you are feeling uncomfortable to publish your profile as a medical professional on the web, you should not use DocCheck.
6 Use of your data
6.1 DocCheck services
We use the data listed under 3.1 and 3.2 when you are registering for and using the various DocCheck services. The processing takes place in order to provide these services and is based on art. 6 para. 1 sentence 1 letter b) GDPR and your consent art. 6 para. 1 sentence 1 letter a) GDPR. Your basic user data creates a public profile on DocCheck and allows you to access the various contents and functions of DocCheck. This enables you to write comments, create content, and upload and share files with other DocCheck users under your name. You can also submit candidate profiles, job offers or job requests with DocCheck. We use your delivery address to deliver products ordered by you. We use your bank details to pay claims that you have acquired by participating in market research or receiving bMails from DocCheck.
If you are a licensed medical professional, your data authorizes you to access content that, under the terms of the EU-Directive 2001/83/EC, may only be made available to healthcare professionals (for example, prescription drug information). In this respect we process the data for the purpose of fulfilling the contract between you and DocCheck (art. 6 para. 1 sentence 1 letter b) GDPR) as well as for fulfilling a legal obligation (art. 6 para. 1 sentence 1 letter c) GDPR).
We use your data to personalize the information on DocCheck in order to offer contents and services that match your professional activity and your interests. This includes a personal home page that provides an overview of news in channels that you have subscribed to. The same applies to the information you receive with the DocCheck News via email. In this respect the data processing has the purpose to fulfill our contract and to make our offers more user-friendly, as stipulated in art. 6 para. 1 sentence 1 letter b) and f) GDPR.
We use your data to continuously improve our services. By analyzing the usage data, we can see if there are any errors in the use of our services or problems in understanding the user interface. In addition, we can see which areas and services of DocCheck are particularly interesting for users and which content we may need to optimize. The rationale for the data processing is based on art. 6 para. 1 sentence 1 letter f) GDPR and takes place in our legitimate interest in website statistics and improving our services.
We use your data to ensure smooth communication between you and DocCheck via email. Through the data, we can address you personally and customize the eMail delivery to your needs. The data processing takes place to answer your request and thus to fulfill our contract. Furthermore we have a legitimate interest to ensure the technical functionality of our services and to personalize them in favor of a higher user-friendliness and attractiveness. The use of your data is based on art 6 para. 1 sentence 1 letter b) and f) GDPR.
We use your data to inform you about new DocCheck services that are relevant for your interests and professional activities. The data also enables us to present our advertising or third-party advertising in a way that it reaches the right recipient. Your usage data will also be used to evaluate the success of marketing campaigns. We share this information with the advertisers. However, it contains only anonymized and aggregated data so that no information about your individual behavior to advertising is shared with third parties. This data processing serves the financing of DocCheck, it takes place in our legitimate interest and is based in this respect on art. 6 para. 1 sentence 1 letter f) GDPR.
6.7 Market research
We use your information to invite you to market research studies. In the context of market research studies, we use your data to create our own studies or studies on behalf of customers. Because market research contributes to the financing of DocCheck services, we have a legitimate business interest in collecting this information. Your participation enables us to provide our services for free. All market research data is pseudonymised and aggregated in the report. Neither the raw data nor the report allow to identify a specific person. We use the employer approval you provided to check whether employed doctors are allowed to participate in our market research in accordance with labor regulations. The data processing is based on our legitimate business interests in accordance with art. 6 para. 1 sentence 1 letter f) GDPR.
We use pseudonymised and anonymised data to improve and finance our website for legitimate business purposes (art. 6 para. 1 sentence 1 letter f) GDPR) in order to develop usage statistics, overall analyzes and business intelligence strategies. They enable us to make informed decisions, to inform advertisers about the scope of DocCheck and to inform us about our course of business.
6.9 Customer Support
We store your communication with DocCheck to help you to solve problems you might experience with our services. The relevant data processing helps us to fulfill our contract and is based on art. 6 para. 1 sentence 1 letter b) GDPR.
We want to create a trusted environment for the exchange of professional information. Your public profile and your professional credentials give other users the assurance that medical statements are backed by the necessary expertise. We use stored IP addresses to prevent the misuse of your password after spying, loss or disclosure. An indication of misuse of a password is, for example, a use by multiple IP addresses. Since your DocCheck password gives access to your user profile, this mechanism serves your data security. The relevant data processing serves our legitimate interest to increase data security and is based on art. 6 para. 1 sentence 1 letter f) GDPR.
We collect the information referred to in point 3.2.2 to improve the availability of our services. They ensure a smooth server connection, a stable delivery of our HTML-code and the right formatting of content on different devices. In this respect the data processing is based on our need to fulfill our contract and on legitimate business interests in accordance with art. 6 para. 1 sentence 1 letter b) and f) GDPR.
6.12 Conflict resolution
We use your information to resolve possible legal conflicts between you and DocCheck, for example, if there is uncertainty whether or not you have consented to receive emails. Data processing is therefore in our legitimate interest to provide such evidence and is based on article 6 paragraph 1 sentence 1 letter f) GDPR.
7 Disclosure of data
7.1 Conditions of Disclosure
Your personal information will not be shared with third parties unless
7.2 Single sign-on
The login on websites and apps of companies that use DocCheck as an access system is processed on DocCheck servers. Depending on the procedure (s.b.) this can involve a transfer of personal data. The extent of the data transfer depends on the method used:
If you are unsure, which method is used on a given website, you can always ask us under firstname.lastname@example.org.
7.3 Order processing
DocCheck uses data processors for the delivery of e-mails and for the collection of market research results.
Emails are handled by Copernica B.V. for DocCheck. Copernica receives email address, title, salutation and other user parameters from DocCheck, so that the e-mails can be sent with a personal touch. The terms of the data processing are fixed in a contract for order processing with Copernica. The transfer of user data to third parties by Copernica is prohibited.
7.4 Usage statistics/market research results
Any statistics and market research results that DocCheck makes available to third parties only use aggegrated and anonymised data. The identification of a single person is not possible. If sharing your personal information might be useful (for example, in the event of drug safety issues), DocCheck will notify you. After that, you can decide on your own if you want to share your data or not.
8 Duration of data storage
Your data is stored on DocCheck servers until you delete your DocCheck account. If your account is inactive for more than 24 months - i.e. you have never used your login and have not responded to any e-mails from DocCheck during this time - we will delete your account. Data which we have to store for a longer period due to legal regulations is exempted.
9 Data security
When using the DocCheck website we use SSL, so that the transfer of data between you and DocCheck is encrypted if your browser supports this technology. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we provide the next available standard. You recognize the encryption by a lock or key symbol in your browser. DocCheck takes appropriate technical and organizational security measures to protect your data from loss or unauthorized access by third parties resulting in manipulation, theft or destruction. Our security measures comply with the latest standards and are constantly being improved in line with technological developments.
10 Analysis tools
Some of the information mentioned under 3.2 is collected using external third-party analysis tools, which are listed below. The legal basis of the data processing is a legitimate interest in data processing according to art. 6 para. 1 f GDPR. The rationale lies in the continuous optimization of our website and in the need to maintain the functionality of our applications. The respective data categories and processing purposes can be found in the descriptions of the analysis tools:
10.1 Google Analytics
For the purpose of customizing and the continuous optimization of our pages, we use Google Analytics, a web analysis service provided by Google Inc.(https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymized user profiles are created and cookies (see point 4) are used. The information generated by the cookie about your use of this website such as
are transferred to a Google server in the US and stored there. Google is Privacy Shield certified and has thus committed to complying with the EU-US Privacy Shield Agreement published by the US Department of Commerce on the collection, use, and storage of personal data from EU member states. DocCheck has limited the storage period offered by Google to the minimum of 14 months. The information is used to evaluate the usage of the website, to compile reports on the website activities and to provide further services associated with the usage of the website and the Internet in general for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You may refuse the installation of cookies by selecting the appropriate settings on your browser; however, we point out that in this case, not all features of this website may be fully functional.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (see link).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the data collection of Google Analytics by setting an opt-out cookie that prevents future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
For more information about Google Analytics related privacy, please visit the Google Analytics Help Center.
10.2 Skalierbares Zentrales Messverfahren (SZMnG)
DocCheck utilizes the measuring method ("SZMnG") of INFOnline GmbH (https://www.INFOnline.de) to determine statistical parameters about the use of our offers. It installs a cookie with the identifier "ioam.de". The aim of the usage measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behavior - on the basis of a uniform, standardized procedure - and thus to obtain market-wide comparable values.
For all digital offers provided by members of the "Informationgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V." (IVW - http://www.ivw.eu) or the studies of the "Arbeitsgemeinschaft Online-Forschung e.V." (AGOF - http://www.agof.de), the usage statistics are regularly processed by AGOF and the "Arbeitsgemeinschaft Media-Analyse e.V." (agma - http://www.agma-mmc.de) and published with the performance value "Unique User" and by IVW with the performance values "Page Impression" and "Visits". These ranges and statistics can be viewed on the respective websites.
Further information on data protection related to the measurement procedure can be found in our Privacy Declaration and in the data protection declaration on the website of INFOnline GmbH (https://www.infonline.de), which governs the measurement procedure, the data protection website of AGOF (http://www.agof.de/datenschutz) and the data protection website of IVW (http://www.ivw.eu).
Measurement by INFOnline GmbH using the SZMnG measurement method is carried out with a legitimate interest in accordance with Art. 6 para. 1 sentence 1 letter f) GDPR.
The purpose of the processing of personal data is the compilation of statistics and the creation of user categories. The statistics serve to be able to trace and document the use of our offers. The user categories form the basis for an interest-oriented adjustment of advertising media and/or advertising measures. In order to market this website, a usage measurement that ensures comparability with other market participants is essential. Our legitimate interest stems from the economical usability of the findings resulting from the statistics and user categories and the market value of our website - also in direct comparison with third-party websites - which can be determined from these statistics.
In addition, we have a legitimate interest in making the pseudonymized data available to INFOnline, AGOF, and IVW for market research purposes (AGOF, agma) and for statistical purposes (INFOnline, IVW). Furthermore, we have a legitimate interest in making the pseudonymized data available to INFOnline for the further development and provision of interest-oriented advertising material.
If you do not wish to participate in the measurement, you can object by following this link: https://optout.ioam.de to guarantee an exclusion from the measurement, it is technically necessary to set a cookie. If you delete this cookie in your browser, it is necessary to repeat the opt-out process at the link above.
10.3 Hotjar Analytics
DocCheck uses Hotjar, an analysis software from Hotjar Ltd. ("Hotjar") (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe), for a certain period of time after the launch of new features. Hotjar allows DocCheck to measure and evaluate the usage behaviour on our website in the form of clicks, mouse movements, scroll heights, etc. DocCheck uses this information to detect errors in the user interface and to optimise its web presence. The data is transmitted to and stored on the Hotjar servers in Ireland.
The following information is collected:
Hotjar uses this information to evaluate your use of our website, create reports, and provide other services relating to website usage and internet evaluation of the website. For the provision of services, Hotjar also uses third-party services such as Google Analytics and Optimizely. These third-party providers may store information that your browser sends when you visit the website (e.g. cookies or IP requests). For more information on how Google Analytics and Optimizely store and use data, please refer to their respective privacy statements.
The cookies that Hotjar uses have different "lifetimes"; some last up to 365 days, some only last for the current visit.
You may opt out from having Hotjar collect your information when visiting a Hotjar enabled website at any time by visiting the Opt-out page and clicking "Disable Hotjar" or enabling Do Not Track (DNT) in your browser.
11 Your rights
Regarding the use of your data, you have the following rights. You are welcome to contact us at any time under email@example.com or to consult our data protection officer (see above).
11.1 Right of access
You have the right to receive from us at any time gratuitous information about the personal data stored about you and a copy of this information. Furthermore, you have the right of information about the following topics:
You also have the right to know whether personal data has been transmitted to a third country or to an international organization. If this is the case, you have the right to obtain information about the appropriate guarantees in connection with the transfer.
In order to get access to this information, you can contact our data protection officer or our customer service at any time.
Your right of information is based essentially on art. 15 GDPR.
11.2 Right to rectification
You have the right to demand the immediate correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of processing. DocCheck offers you the opportunity to process a large part of your data yourself in your user account. However, part of your data (especially your job or last name) can not be changed directly by you. If you would like to exercise your right to rectification, you can always contact our data protection officer or our customer service.
Your right to rectification is based on Art. 16 GDPR
11.3 Right to erasure
You have the right to demand that your personal data is deleted without delay if one of the following reasons applies and the processing is not required:
If any of the above reasons apply and you wish to delete the personal information stored by us, you may contact our data protection officer or our customer service at any time. Our data protection officer or our employees will arrange that the deletion request will be fulfilled as soon as possible. Please note that depending on the scope of your request for deletion, the further use of your DocCheck account and DocCheck password may be impossible. Documents that you have uploaded and published while using DocCheck under recognition of the DocCheck Terms and Conditions, e.g. texts, pictures, videos are no longer connected to your user account after deletion. Since DocCheck can not verify that any documents you have published contain personal information, you must notify us separately if you also want to delete those documents. We kindly ask you to give this notice along with your request to delete your account, otherwise we will not be able to identify your documents clearly.
Your right to data deletion is based on art. 17 GDPR.
11.4 Right to restriction of processing
You have the right to obtain restriction of data processing if any of the following conditions apply:
If one of the above conditions is met and you want to restrict the personal data stored by us, you can contact our data protection officer or our customer support at any time. Our data protection officer or another employee will set the restriction of processing into effect.
Your right to restriction of processing is based on art. 18 GDPR.
11.5 Right to data portability
You have the right to receive your personal information provided to us in a structured, common and machine-readable format. This includes the right to transfer this data to another entity without hindrance by us, provided that (i) the processing is based on the consent pursuant to art. 6 para. 1 letter a) GDPR or art. 9 para. 2 letter a) GDPR or based on a contract pursuant to art. 6 para. 1 letter b) of the GDPR; and (ii) the processing is carried out by automated means, unless the processing is necessary for the performance of a task in the public interest or in the exercise of public authority, which has been assigned to us.
In addition, when exercising your right to data portability, you have the right to obtain that personal data be transmitted directly from one controller to another, as far as technically feasible and provided that this does not affect the rights and freedoms of others (art. 20 para. 1 GDPR).
Your right to data portability is based on art. 20 GDPR.
11.6 Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data pursuant to art 6 para. 1 letter e) or f) GDPR. This also applies to profiling based on these provisions.
We will not process personal information in the event of an objection unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or serve to assert, exercise or defend legal claims.
If we process personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
In addition, you have the right, on grounds relating to your particular situation, to object the processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to art. 89 para. 1 of the GDPR unless such processing is necessary to fulfill a public interest task.
To exercise the right to object, you can contact our data protection officer or our customer support at any time. You are also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right of objection by means of automated procedures using technical specifications.
Your right to object is based on art. 21 GDPR.
11.7 Automated decisions on a case-by-case basis, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
If the decision to conclude or fulfill a contract between us and you is required or is made with your explicit consent, we will take reasonable steps to safeguard your rights and freedoms and your legitimate interests.
If you want to enforce rights related to automated decisions, you can contact our data protection officer or our customer support at any time.
These rights are based on art. 22 GDPR
11.8 Right to revoke your consent
Your right to revoke your consent to data prcessing is based on art. 7 para. 3 GDPR.
11.9 Right to lodge a complaint
You have the right to he right to lodge a complaint with a supervisory authority. This right is based on art. 56 para. 2 GDPR.
Last change 26/2018