DATA PROTECTION

Preamble

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer"). The terms used are not gender-specific.

Table of contents

• Preamble
• Controller
• Contact data protection officer
• Overview of processing operations
• Relevant legal bases
• Security measures
• Transmission of personal data
• Deletion of data
• Use of cookies
• Business services
• Provision of the online offer and web hosting
• Advertising communication via email, post, fax or telephone
• Rights of the data subjects

Name and contact details of the controller pursuant to Article 4(7) GDPR

Schafroth GmbH
Hotel- Restaurant Krone
represented by the managing directors Helmut Schafroth
Rottachbergstraße 1, 87509 Immenstadt
Phone: +49 8323 9661-0
Email: INFO@HOTEL-KRONE-STEIN.DE
Website: https://www.hotel-krone-stein.de
RG Kempten, HRA No. 173
VAT ID No.: DE233348991

Contact data protection officer

OFF Telekommunikation GmbH
Mr Mathias Greiner
Beim Högner 2 1/2
87490 Börwang
Germany
E-mail:

Overview of the processing operations

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

• Inventory data.
• Payment data.
• Contact data.
• Contract data.
• Usage data.
• Meta, communication and process data.

Categories of data subjects

• Interested parties.
• Communication partners.
• Users.
• Business and contractual partners.

Purposes of the processing

• Provision of contractual services and customer service.
• Contact requests and communication.
• Security measures.
• Direct marketing.
• Office and organisational procedures.
• Managing and responding to enquiries.
• Provision of our online services and user-friendliness.
• Information technology infrastructure.

Relevant legal bases

Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or several specific purposes.
• Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. The data protection laws of the individual federal states may also apply.

Security measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from"http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Transmission of personal data

As part of our processing of personal data, data may be transmitted to other bodies, companies, legally independent organisational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and in particular conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other authorisations cease to apply (e.g. if the purpose of processing this data no longer applies or it is not required for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person. Our data protection notices may also contain further information on the storage and deletion of data, which take precedence for the respective processing operations.

Use of cookies

Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping basket in an e-shop, the content accessed or the functions of an online service used. Cookies can also be used for various purposes, e.g. to ensure the functionality, security and convenience of online offers and to create analyses of visitor flows.

Notes on consent: We use cookies in accordance with the statutory provisions. We therefore obtain prior consent from users, unless this is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is absolutely necessary in order to provide the user with a telemedia service expressly requested by them (i.e. our online offering). The revocable consent is clearly communicated to the users and contains the information on the respective use of cookies.

Information on the legal basis under data protection law: The legal basis under data protection law on which we process users' personal data with the help of cookies depends on whether we ask users for their consent. If users give their consent, the legal basis for processing their data is the consent given. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and improving its usability) or, if this is done in the context of the fulfilment of our contractual obligations, if the use of cookies is necessary to fulfil our contractual obligations. The purposes for which cookies are processed by us are explained in the course of this privacy policy or as part of our consent and processing procedures.

Storage period: A distinction is made between the following types of cookies with regard to the storage period:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their end device (e.g. browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or favourite content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that they can be stored for up to two years.
• General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also object to the processing in accordance with the legal requirements in Art. 21 GDPR. Users can also declare their objection via their browser settings, e.g. by deactivating the use of cookies (although this may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Further information on processing operations, procedures and services:

Processing of cookie data on the basis of consent: We use a cookie consent management procedure in which the consent of users to the use of cookies, or the processing and providers named in the cookie consent management procedure, can be obtained and managed and revoked by users. The declaration of consent is stored so that it does not have to be requested again and the consent can be proven in accordance with the legal obligation. Consent can be stored on the server and/or in a cookie (so-called opt-in cookie or with the help of comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information on the providers of cookie management services, the following information applies: Consent may be stored for up to two years. A pseudonymous user identifier is created and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and end device used
.

Google Maps

This website uses the Google Maps map service via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can find more information on the handling of user data in Google's privacy policy: policies.google.com/privacy?hl=en.

Application and use of Google Analytics (with anonymisation function)

The data controller has integrated the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web analytics service. Web analysis is the collection, collation and evaluation of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data about the website from which a data subject came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analysis is mainly used to optimise a website and to analyse the costs and benefits of internet advertising.

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The data controller uses the addition "_gat._anonymiseIp" for web analysis via Google Analytics. This addition is used by Google to shorten and anonymise the IP address of the data subject's Internet connection if our website is accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to analyse the use of our website, to compile online reports for us that show the activities on our website and to provide other services related to the use of our website.

Google Analytics places a cookie on the data subject's IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyse the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. During the course of this technical procedure, Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America, where it is stored. Google may share this personal data collected through the technical process with third parties.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a cookie on the data subject's IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programmes.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/

Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages
can be displayed on every device on which you sign in with your Google account.

To support this function, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data in order to define and create target groups for cross-device advertising.

You can permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account by following this link: https://www.google.com/settings/ads/onweb/.

The data collected in your Google account is summarised exclusively on the basis of your consent, which you can give or withdraw from Google (Art. 6 para. 1 lit. a GDPR). For data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymised analysis of website visitors for advertising purposes.

Further information and the data protection provisions can be found in Google's privacy policy at
: https://www.google.com/policies/technologies/ads/.

Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising programme of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

As part of Google AdWords, we use what is known as conversion tracking. When you click on an advert placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user has clicked on the ad and has been redirected to this page.

Each Google AdWords customer receives a different cookie. The cookies cannot be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your Internet browser under user settings. You will then not be included in the conversion tracking
statistics.

The storage of "conversion cookies" takes place on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. You can find more information about Google AdWords and Google Conversion Tracking in Google's privacy policy: https://www.google.de/policies/privacy/.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Tour planner

You have the option of planning tours on our website. This is a service provided by Outdooractive GmbH & Co KG, Missener Straße 18, 87509 Immenstadt. If you call up the tour planner used on our site, a direct connection is established between your browser and a server of Outdooractive GmbH & Co. KG and information about your visit and your IP address is stored there. Outdooractive GmbH & Co KG, Missener Straße 18, 87509 Immenstadt, uses the following tracking software on its website: Google Tag Manager, Zendesk, Google Analytics, InfOnline, NugAd, Criteo, AdScale, Media Innovation Group, The ADEX, Google Publisher Tags. Further information can be found here: https://www.outdooractive.com/de/datenschutz.html.

DIRS21 booking system

Our website uses the DIRS21 service to allow you to book online via our site.

Search for available rooms, hotels or package deals with DIRS21: You do not need to provide any personal details to
in order to check availability with hotels and other hosts.

Booking via the DIRS21 booking system:
If you would like to book an available room or a package, you will need to provide personal data for the booking, in particular your name, address, telephone number and email address. This data is stored in the system for each booking under a booking number and is communicated to the booked host. The booked host can view this data at any time in a protected customer area that is only accessible to them. Export or automatic further processing is not possible. We would like to expressly point out that your e-mail address in particular will not be used for advertising or mass mailing purposes
. Anonymised data is processed for statistical purposes. We may use third party service providers to process your personal data on our behalf for the purposes mentioned above. For example, we may share some information about you with these third parties so that they can contact you directly by email (for example, to subsequently receive a review of your holiday).

Right to information about the DIRS21 booking system:
As a user of the DIRS21 booking system integrated on this website, you will receive information from the operator "TourOnline AG" about what information about you has been recorded in the system. This service is free of charge. If required, please contact us by e-mail or call the DIRS21 customer hotline on 07153-925050.

Deletion of your personal data from the DIRS21 booking system:
If you wish, the operator "TourOnline AG" will delete the personal data recorded in the DIRS21 booking system as soon as the arrival date notified by the booking has been reached. This service is free of charge; if required, please contact us by e-mail or call the DIRS21 customer hotline on 07153-925050. You will then receive confirmation that your data has been deleted.

TourOnline AG
Operator of the DIRS21 booking system
http://www.dirs21.de/

Contact form (request information, apply online)

If you contact us using the form on the website or by e-mail, or apply for a job, we store the data you provide and the general data described above. By using our form, you consent to the processing of your data. We do not pass the data on to third parties and use the data exclusively to process the contact and to answer the respective enquiry. If you contact us by e-mail, the necessary legitimate interest in the processing of the data also lies in the processing of the contact. The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an email is Article 6(1)(f)
GDPR. The data transmitted to us in the course of contacting us will be deleted as soon as it is no longer required for the aforementioned purpose. As far as the personal data from the contact form and the data sent by email are concerned, this is the case as soon as the respective conversation has ended. This in turn is the case as soon as the facts of the case have been conclusively clarified. If the contact is also aimed at concluding a contract, the additional legal basis is Article 6(1)(b) GDPR. In this case, we will store your enquiry as a business letter for 7 years.

Newsletter

To receive our newsletter, you must provide your email address. Before we send you the newsletter, you must expressly confirm to us that we should activate the newsletter service for you as part of the double opt-in procedure. You will then receive a confirmation e-mail from us asking you to click on the link contained in this e-mail to confirm that you wish to receive our newsletter.

You can unsubscribe from the newsletter at any time by informing us in writing. You will also find a link to unsubscribe from the newsletter in every newsletter we send out.

We use the CleverReach newsletter tool (CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany) to create and manage the newsletter. The required data of the newsletter recipients is hosted web-based on a CleverReach server. The contract is based on CleverReach's terms and conditions and privacy policy, which you can read here: https://www.cleverreach.com/de/agb/. According to CleverReach, it is assured that CleverReach neither accesses the data of newsletter recipients nor uses it in any other way.

The newsletter tool analyses the reach of the respective newsletters to ensure that the mailings actually reach the recipients. The individual behaviour patterns identified in the process are only used for a statistical evaluation of the newsletter's success and are never passed on to third parties or used for other purposes.

By submitting your data in our newsletter form, you agree to the data processing by CleverReach to the extent shown.

Business services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and
comparable legal relationships and related measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer enquiries.

We process this data in order to fulfil our contractual obligations. These include, in particular, the obligations to provide the agreed services, any
updating obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purpose of the administrative tasks associated with these obligations and the company organisation. In addition, we process the data on the basis of our legitimate interests in proper and efficient business management and in security measures to protect our contractual partners and our business operations from misuse, jeopardising their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations. Contractual partners will be informed about other forms of processing, e.g. for marketing purposes, as part of this privacy policy.

We inform the contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special marking (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons. The statutory retention period is ten years for documents relevant under tax law and for commercial books, inventories, opening balance sheets, annual financial statements, the work instructions and other organisational documents and accounting records required to understand these documents, and six years for commercial and business letters received and reproductions of commercial and business letters sent. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the
opening balance sheet, the annual financial statements or the management report were prepared, the commercial or business letter was received or sent or the accounting document was created, the record was made or the other documents were created.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and
data protection information of the respective third-party providers or platforms apply in the relationship between the users and the providers.

• Processed data types: Inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact data (e.g. email, telephone numbers); Contract data (e.g. subject matter of the contract, duration, customer category).
• Data subjects: Interested parties; business and contractual partners.
• Purposes of Processing: Provision of contractual services and customer support; contact requests and communication; Office and organisational procedures; Managing and responding to enquiries.
• Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Provision of the online offer and web hosting

We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

• Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files may include the address and name of the websites and files accessed, date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used for security purposes, e.g. to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks) and to ensure server utilisation and stability
  Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); deletion of
  data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Advertising communication via email, post, fax or telephone

We process personal data for the purposes of advertising communication, which may take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements.

Recipients have the right to revoke their consent at any time or to object to advertising communication at any time.

After revocation or objection, we store the data required to prove the previous authorisation for contacting or sending for up to three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defence against claims. On the basis of the legitimate interest in permanently observing the revocation or objection of the user, we also store the data required to avoid renewed contact (e.g. depending on the communication channel, the e-mail address, telephone number, name).

• Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. email, telephone numbers).
• Data subjects concerned: Communication partner.
• Purposes of processing: Direct marketing (e.g. by email or post).
• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Rights of the data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
• Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.
• Right to rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you in accordance with the legal requirements.
• Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the legal requirements.
• Right to data portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request that it be transferred to another controller.
• Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.