Our data protection declaration is based on the terms used by the European Directive and Ordinance Maker when issuing the Basic Data Protection Regulation (DSGVO). This data protection declaration is intended to be clear, readable and understandable for the public as well as for our customers and business partners. For this reason, we will explain some of the terminology below:
Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A data subject is any identified or identifiable natural person whose personal data are processed by the controller.
Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, is referred to as processing.
“Restriction of processing”
The marking of stored personal data for the purpose of restricting or blocking its future processing.
Profiling is any type of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
Pseudonymisation describes the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Controller or person responsible for processing”.
A controller or data controller, the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
“Consent” of the data subject”
Any freely given specific, informed and unambiguous indication of his or her wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to personal data relating to him or her being processed, is referred to as consent.
The obtaining of personal data, either with the involvement of the data subject or with the involvement of a third party.