Data privacy statement
In the following, we would like to inform you in detail about which data is collected when you visit our website and use our offers there and how this is processed or used by us in the following, as well as which accompanying protective measures we have also taken in technical and organizational terms.
2. Responsible party/Service provider
The responsible party according to Art. 4 EU-DSGVO (EU General Data Protection Regulation, EU-Datenschutz-Grundverordnung, hereinafter referred to as “EU-DSGVO”) and at the same time service provider in the sense of the German Telemedia Act (TMG) is Fohhn Audio AG, Großer Forst 15, 72622 Nürtingen, Phone +49 (0)7022/93323-0, Fax +49 (0)7022/93324-0, E-Mail email@example.com. The responsible party is represented by the board members Jochen Schwarz and Uli Haug, who are also responsible according to Section 55 of the German Broadcasting State Treaty.
The office of the data protection officer is held by Mr. Frank Strohmer, Großer Forst 15, 72622 Nürtingen, Germany, Phone +49 (0)7022/93323-0, Fax +49 (0)7022/93324-0. If you have any questions or comments regarding data protection at Fohhn Audio AG (for example, about viewing, updating or deleting your personal data), you can contact our data protection officer by e-mail at firstname.lastname@example.org with the subject "Data protection".
3. Collection and use of your data
All personal data that we obtain from you in the course of using our website will only be collected, processed and used for the stated purpose. In doing so, we ensure that this only takes place within the framework of the applicable legal provisions or only with your consent.
Please contact infofohhn.com or send us your request by post.
The data will only be processed within the EU and the European Economic Area, unless information is provided below or directly at the time of data collection about a transfer to third countries, stating the respective legal basis, and consent is requested if necessary. The provisions on legal bases for international data transfer and the necessary requirements for this are available from us on request.
We do not make automated individual decisions on the processing of personal data.
The extent and type of collection and use of your data differs depending on whether you visit our website only to retrieve information or make use of services offered by us:
a) Informational use
In order to use our website for information purposes only, it is generally not necessary for you to provide personal data.
Rather, in this case we only collect and use those of your data that your internet browser automatically transmits to us, such as:
- Date and time of the retrieval of one of our websites
- your browser type
- the browser settings
- the operating system used
- the last website you visited
- the amount of data transferred and the access status (file transferred, file not found, etc.) as well as
- your IP address.
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. The legal basis for the temporary storage of the data and the log files is Art. 6 (1) lit. f) EU-DSGVO.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
b) Use of offers
If you wish to make use of services offered by us on our website or after contacting us in another way, it may be necessary for you to provide further data. These are the data that are required for the respective processing in accordance with Art. 6 (1) lit. b) EU-DSGVO, otherwise we cannot provide the desired service.
You can enter additional information voluntarily; input boxes with optional information are marked accordingly.
The collection or use of your data is for the purpose of providing the service you requested. This includes, for example, an enquiry via our contact form.
If the provision of data is required by law, we will inform you accordingly.
Your data may be passed on to service providers supporting us for the aforementioned purpose, who we have of course carefully selected and obliged to comply with the EU General Data Protection Regulation.
Your data will otherwise only be passed on to other third parties if this is permitted by law or we have received your explicit consent to do so.
4. Data protection consent
We may require consent to process your data in accordance with Art. 6 (1) lit. a) EU-DSGVO. We assure you that we will only process and use the data for the purpose stated at the time of collection.
You can give your consent separately in connection with the respective data collection. You can subsequently revoke it at any time with effect for the future.
Consent in relation to newsletters is governed by point 5, and for cookies by point 6 of this declaration below.
In order to be able to register for our e-mail newsletter service, we require, in addition to your consent under data protection law in accordance with Art. 6 (1) lit. a) EU-DSGVO, at least your e-mail address to which the newsletter should be sent to. Any further details are optional and are used to address you personally and to personalise the content of the newsletter as well as to clarify queries regarding the email address. We use the data exclusively for sending the newsletter.
For sending the newsletter, we generally use the so-called double opt-in procedure, i.e. we will only send you the newsletter if you first confirm your registration via a confirmation e-mail sent to you for this purpose using the link contained therein. In this way, we want to ensure that only you, as the owner of the e-mail address provided, can register for the newsletter. Your confirmation in this regard must be made promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database.
If you purchase goods or services from us and provide us with your e-mail address, we may subsequently use it to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG (German Law against Unfair Competition, Gesetz gegen den unlauteren Wettbewerb, hereinafter referred to as “UWG”).
You can cancel a newsletter you have ordered at any time. To do so, you can either send us an informal e-mail to email@example.com or use the link at the end of the newsletter to cancel. In this case, we will delete your e-mail address immediately.
Analysis cookies or web beacons (small graphics for log analysis) are used to improve the quality of our website and its content and to recognise visitors. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.
We do not give third parties the opportunity to set cookies on our websites.
We do not give third parties the opportunity to share cookie information.
You can determine yourself whether cookies can be set and retrieved through the settings in your browser. For example, you can completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be set and asks you for feedback.
Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
You can also delete the cookies in your browser at any time. However, for technical reasons, it is necessary to allow the aforementioned session cookies for the full range of functions of our website.
When using a login area on the services.fohhn.com website, the account name and the correctness of the password entry are logged and a session cookie is transmitted to the user, which is deleted upon logout or expiry of the maximum session lifetime (within a few hours).
The legal basis for the use of necessary cookies is our legitimate interest in the proper provision of our online offer within the meaning of Art. 6 (1) lit. f) EU-DSGVO as well as - insofar as contracts are concluded or fulfilled via our online offer - the fulfilment of the contract within the meaning of Art. 6 (1) lit. b) EU-DSGVO.
We do not offer the possibility to register with us via a third-party service provider.
7. Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b) EU-DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) lit. f) EU-DSGVO) or on your consent (Art. 6 (1) lit. a) EU-DSGVO) if this has been requested.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g., after we have completed processing your enquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.
8. Registration on this website
a) Handling of applicant data
We offer you the opportunity to apply to us (e.g., by e-mail or post). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.
aa) Scope and purpose of data collection
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) to the extent that this is necessary to decide on the establishment of an employment relationshis. The legal basis for this is Section 26 BDSG-neu (German Federal Data Protection Act, Bundesdatenschutzgesetz, hereinafter referred to as “BDSG-neu”) under German law (initiation of an employment relationship), Art. 6 (1) lit. b) EU-DSGVO (general contract initiation) and - if you have given your consent - Art. 6 (1) lit. a) EU-DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data submitted by you will be stored in our data processing systems based on Section 26 BDSG-neu and Art. 6 (1) lit. b) EU-DSGVO for the purpose of implementing the employment relationships.
bb) Retention period of the data
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 (1) lit. f) EU-DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g., due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.
Longer storage may also take place if you have given your consent (Art. 6 (1) lit. a) EU-DSGVO) or if legal storage obligations prevent deletion.
You can register on the services.fohhn website in order to use the functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration. We process the following data on the services.fohhn website: Company name, website, e-mail address, telephone number, company logo and address.
In order to use our services on the website services.fohhn, registration is required. As part of setting up a corresponding user account, you must provide a password in addition to your e-mail address. This information is used for login and secure identification on our website.
When using the login area on the services.fohhn.com website, the account name and the correctness of the password entry are logged and a session cookie is transmitted to the user, which is deleted upon logout or expiry of the maximum session lifetime (within a few hours).
When registering and each time you log in to your user account and use our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests and the interest of users in protection against misuse and unauthorised use pursuant to Art. 6 (1) lit. f) EU-DSGVO. Legal retention periods remain unaffected.
The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 (1) lit. b) EU-DSGVO).
For important changes, for example in the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you in this way.
For the websites fohhn.com and services.fohhn, we use HubSpot for our online marketing activities.
HubSpot is a software company from the USA with a branch in Ireland.
2nd Floor 30 North Wall Quay,
Dublin 1, Ireland,
Phone: +353 1 5187500
This is an integrated software solution that we use to cover various aspects of our online marketing. These include:
- E-mail marketing (newsletters and automated mailings)
- Reporting (e.g. traffic sources, accesses, etc.)
- Contact management (e.g. user segmentation & CRM)
- Social media (e.g. Facebook, Instagram, LinkedIn)
This information as well as the content of our websites fohhn.com and services.fohhn are stored on servers in Frankfurt am Main belonging to our software partner HubSpot. It can be used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this data protection policy.
a) Contact form of HubSpot
When you use our contact form, the data you enter is sent to HubSpot's servers and stored there. During your input, the e-mail address you provide is also sent to HubSpot's servers for validation. This enables us to ensure that the email address you provide is valid and that you will receive our reply.
This storage and processing of your data is based on Art. 6 (1) s. 1 lit. f) EU-DSGVO, our legitimate interest in offering an easy-to-use contact form on the website and receiving business enquiries. As the contact form is only intended for business relations, only general contact information of our contact persons for customers or interested parties is processed in principle. Since you voluntarily provide us with your contact information, we assume that you have a reasonable expectation that we will process your data to contact and respond to your contact. With the help of our service provider, we can respond to your enquiries about our products in a tailored and quick manner.
b) Web analysis by HubSpot
When you use our websites, your browser automatically transmits certain information to HubSpot's servers to enable an analysis of your behaviour on our website.
HubSpot only provides us with anonymised information about access times, sub-pages visited, origin of visitors, country of the user or length of stay. It is not possible for us to assign the accesses to your person. In particular, HubSpot does not permanently store your IP address, but only infers geographical information and then deletes the address.
We only use HubSpot's web analytics services with your prior express consent, which you can give via the consent banner on our website.
The legal basis in this case is Art. 6 (1) s. 1 lit. a) EU-DSGVO, your consent.
We have concluded an order processing contract with HubSpot, which includes the European Commission's standard contractual clauses to ensure an adequate level of data protection in third countries.
c) Hubspot CRM
We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter referred to as “Hubspot CRM”).
Among other things, Hubspot CRM allows us to manage existing and potential customers as well as customer contacts. By means of Hubspot CRM, we are able to record, sort and analyse customer interactions via e-mail, social media or telephone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). By using Hubspot CRM, we are also able to record and analyse the user behaviour of our contacts on our website.
The use of Hubspot CRM is based on Art. 6 (1) lit. f) EU-DSGVO. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively based on Art. 6 (1) lit. a) EU-DSGVO; the consent can be revoked at any time.
You can find more information about the cookies used by HubSpot at:
e) Contract on order processing
We have concluded an order processing contract with Hubspot CRM. This is a contract required by data protection law, which ensures that Hubspot CRM only processes the personal data of our website visitors in accordance with our instructions and in compliance with the EU-DSGVO.
11. Web analysis
We want to know what our website visitors are interested in and what they are looking for, so that we can keep improving the website and make it as easy as possible for all visitors to find the Fohhn information they are looking for. However, since data protection is particularly important to us at the same time, we have decided against using Google Analytics, a tool that is frequently used on the Internet. Below you will find out how we proceed instead.
This website uses the web analytics tool Matomo. This is an open-source software that only operates on our web server. This means that the data that are analysed are only stored on our web server. The data are not transmitted to any other companies. Matomo is explicitly EU-DSGVO-compliant. More information: www.matomo.org
We only store pseudonymised data, such as the language of the browser, the IP address or retention times on certain pages. We are interested at what time and with which end devices the website is frequently used, we count the number of clicks on control elements such as buttons or text links so that we can evaluate the popularity of these elements - however, all this information is purely quantitative and never personalised. We do not know who has clicked on a link.
The use of this analysis tool is based on Art. 6 (1) lit. f) EU-DSGVO. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 (1) lit. a) EU-DSGVO; the consent can be revoked at any time.
For the evaluation of the data, we use the log files analysis as described here: https://www.matomo.org/log-analytics/
12. Plugins and tools
a) Social media
On our website www.fohhn.com, we also offer you extensive personal support and the opportunity to stay in touch with us via our social media services (Facebook, Instagram, YouTube, Google Plus, Xing, LinkedIn). These social media services collect personal data themselves, e.g. via your profile created there or via so-called social plug-ins that are implemented in third-party websites.
If you send us an enquiry via one of these social media, we will forward the enquiry to the relevant department. The data will only be used to respond to your enquiry.
These are offers from the following companies:
Facebook Inc. (1601 Willow Road, Menlo Park, CA 94025, USA)
Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
YouTube, LLC (901 Cherry Ave., San Bruno, CA 94066, USA)
LinkedIn Corporation (1000 West Maude Avenue, Sunnyvale, CA 94085, USA)
For the purpose and scope of the data collection and the further processing and use of the data by these companies, as well as your rights in this respect and setting options for protecting your privacy, please refer to the data protection information of:
Facebook & Instagram:
b) Facebook Remarketing / Retargeting (Custom Audiences Pixel)
The website uses the "Custom Audiences" remarketing function of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). By means of this function and the use of the corresponding Facebook remarketing tag, Fohhn Audio AG can target users with advertising by displaying interest-related personalised Facebook ads when they visit Facebook websites.
When you visit the Fohhn Audio AG website, the Facebook remarketing tags establish a direct connection to the Facebook servers, whereby it is transmitted to the Facebook server which of the Fohhn Audio AG websites you have visited. Facebook assigns this information to your personal Facebook user account.
If you do not want Facebook to assign the collected information directly to your Facebook user account, you can deactivate the "Custom Audiences" remarketing function in your Facebook profile, which requires you to log in there.
c) LinkedIn Analytics and LinkedIn Ads
We use the conversation tracking technology and the retargeting function of the LinkedIn Corporation on our website.
This technology can be used to serve personalised ads on LinkedIn to visitors of this website. Furthermore, the possibility arises to create anonymous reports on the performance of the advertisements as well as information on the interaction of the website. For this purpose, the LinkedIn Insight tag is embedded on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.
13. Audio and video conferencing
a) Data processing
One of the tools we use to communicate with our clients is online conferencing. The individual tools we use are listed below. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools collect all the data that you provide/enter to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "contextual information" related to the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that are necessary for handling the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
If content is shared, uploaded or otherwise made available within the tool, it will also be stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.
Please note that we do not have full influence on the data processing procedures of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text.
b) Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 (1) s. 1 lit. b) EU-DSGVO). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 (1) lit. f) EU-DSGVO). Insofar as consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.
c) Storage period
The data collected directly by us via the video and conference tools are deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
d) Conference tools used
We use the following conference tools:
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: zoom.us/de-de/privacy.html.
e) Use of "Zoom" to conduct webinars
To conduct our webinars, we use the "Zoom Meetings" software, a solution from Zoom Video Communications, Inc. based in the USA.
With the current ruling of the ECJ ("Schrems II Judgement" C- 311/18), the transfer of personal data via servers that are not operated within the EU is declared unsafe due to the invalidity of the previous EU-US Privacy Shield.
However, according to the principles of the EU General Data Protection Regulation, any processing of personal data requires a legal basis. Therefore, if a lawful transfer of data to the USA is to take place, the legal basis for this is your consent pursuant to Art. 49 (1) lit. a) EU-DSGVO in conjunction with Art. 7 EU-DSGVO.
Therefore, we need your consent to use "Zoom" when conducting the webinar.
f) For your information
Despite the agreement we have concluded with Zoom Video Communications Inc. on the data protection obligations for commissioned data processing, including standard data protection clauses, it may be that these regulations do not constitute a sufficient means of ensuring the effective protection of personal data transferred to the USA in practice.
This is particularly the case because the US authorities are allowed surveillance activities and in practice these take the form of mass surveillance of communications by intelligence agencies.
g) Voluntariness of your consent
Your consent to the use of "Zoom" is given on a voluntary basis. There will be no additional costs for you and no further consequences if you do not consent.
h) Revocability of your consent
You can revoke your consent at any time and without giving reasons with effect for the future. Your revocation means that upcoming webinars to which you have already consented will not take place via "Zoom". Your revocation must be in text form (an e-mail to infofohhn.com is sufficient).
i) Your rights
As a person affected by the data processing in connection with the use of "Zoom" and the implementation of webinars, you have extensive rights. These can be found in detail in our data protection declaration.
aa) Notes on the use of Zoom
In the following, we would like to provide you with some information on our Zoom webinar software and notes on its use. Please read the information carefully and take it into account when planning, conducting and/or participating in Zoom meetings.
bb) What is zoom?
Zoom Video Communications is a US company based in San José, California, that offers video conferencing, online meetings, chat and mobile collaboration. Fohhn Audio AG uses this solution to conduct online webinars.
cc) What data does Zoom collect?
Zoom collects the following technical data on devices, network and internet connection:
- IP address, MAC address, other device IDs (UDID), device type, operating system type and version, client version, camera type, microphone or speaker, type of connection,
- Approximate position (no exact location transmission), nearest city
- Usage behaviour (no content from meetings and chats)
- VoIP or phone call, mobile client or desktop
- Selected settings in Zoom
- Participation without video, request meeting password
- Duration of the meeting, e-mail address, name or other data that a participant enters to identify themselves in the meeting,
- Start and end time of participation of participants, name of the meeting, planned date / time of the meeting,
- Chat status and content (unless the user actively chooses a setting)
dd) Where are these data transmitted and stored?
Zoom Video Communications, Inc, zoom.us, which operates the Zoom video conferencing platform, processes the personal data on our behalf. This means that Zoom may only use them in accordance with our instructions and not for its own purposes, i.e. neither for advertising nor passed on to third parties. The data is stored on systems in the USA.
ee) What do you have to consider when using Zoom?
Meeting passwords will be used and if a recording of the webinar is planned, this will be communicated to participants at the time of registration.
Participants of Zoom meetings may also deactivate their video image in favour of better performance. Participants must not be required to activate the video image.
We have basically deactivated the "attention tracking" function for all participants.
Due to the recently published security vulnerabilities in Zoom, it is not recommended to use it on smartphones, as end-to-end encryption does not yet work for phone calls.
14. Data security
We also use technical and organisational security measures to protect personal data that we receive or collect, in particular against accidental or intentional manipulation, loss, destruction or against attack by unauthorised persons. Our security measures are continuously improved in line with technological developments.
We provide you with various online forms and services with which you can send personal data to us. These forms are protected against inspection by third parties using TLS encryption. The data you enter or send to us as a file may be stored and processed by us as agreed. If the use and processing require the consent of the user or third parties, the consent can be revoked at any time without giving reasons. In this case, however, the fulfilment of the contract by us may be impaired.
Depending on the service, you may be asked to make various entries to identify or prevent misuse:
a) For identification purposes when delivering data, the entry of a user-defined identifier or other suitable authentication may be required. The data is protected via HTTPS against third-party access in accordance with Art. 32 (1) lit. a) and b) EU-DSGVO, provided that the user uses the data transmission methods recommended by us.
b) To prevent use by machines, so-called CAPTCHAS can be used in accordance with Art. 32 (1) lit. b) EU-DSGVO, which contain images or tasks that cannot be processed by computer scripts.
15. Deletion periods
We store personal data only until the purpose of the data storage no longer applies. This does not apply if the user has voluntarily consented to longer processing of the data or if legal retention periods or the possible pursuit of legal claims within periods of limitation that have not yet expired conflict with the deletion (in the case of conflicting retention or limitation periods, it may be necessary to restrict the processing of the data in accordance with Art. 18 EU-DSGVO).
16. Data subject rights
Under the applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the above address of the data controller.
Below you will find an overview of your rights.
a) Right to confirmation and information
You have the right to obtain confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to obtain from us, free of charge, information about the personal data stored about you, together with a copy of this data. Furthermore, you have the right to the following information:
- the purposes of processing;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data are not collected from you, all available information about the origin of the data;
- the existence of automated decision-making, including profiling, pursuant to Art. 22 Clauses 1 and 4 EU-DSGVO and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for you.
If personal data are transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Article 46 EU-DSGVO in connection with the transfer.
b) Right of rectification
You have the right to request that we correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes you have the right to request the completion of incomplete personal data - also by means of a supplementary statement.
c) Right to erasure ("right to be forgotten")
You have the right to request that we delete personal data relating to you without undue delay and we are obliged to delete personal data without undue delay if one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing was based pursuant to Art. 6 (1) lit. a) or Art. 9 (2) lit. a) EU-DSGVO and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 (1) EU-DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) EU-DSGVO.
- The personal data have been processed unlawfully.
- The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
- The personal data have been collected in relation to information society services offered in accordance with Article 8 (1) EU-DSGVO.
The right to erasure does not exist insofar as the processing is necessary
- to exercise the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Art. 9 (2) lit. h) and i) and Art. 9 (3) EU-DSGVO;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) EU-DSGVO, where the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
- for the assertion, exercise or defence of legal claims.
If we have made the personal data public and we are obliged to erase it pursuant to Art. 17 EU-DSGVO, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers who process the personal data that you have requested that they erase all links to or copies or replications of that personal data.
d) Right to restriction of processing
You have the right to request us to restrict processing if one of the following conditions is met:
- You dispute the accuracy of the personal data for a period of time that allows us to verify the accuracy of the personal data.
- The processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data.
- The personal data are no longer necessary for the purposes of processing; however, the data are needed for the establishment, exercise or defence of legal claims; or
- You have objected to the processing pursuant to Art. 21 (1) EU-DSGVO as long as it has not yet been determined whether the legitimate reasons of our company outweigh yours.
Where the processing of personal data relating to you has been restricted, those data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.
e) Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that
- the processing is based on consent pursuant to Art. 6 (1) lit. a) EU-DSGVO or Art. 9 (2) lit. a) EU-DSGVO or on a contract pursuant to Art. 6 (1) lit. b) EU-DSGVO and
- the processing is carried out with the aid of automated procedures.
When exercising your right to data portability in accordance with Section 1, you have the right to have the personal data transferred directly from us to another controller, where this is technically feasible.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
f) Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) lit. e) or f) EU-DSGVO; this also applies to profiling based on these provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If personal data are processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) EU-DSGVO, unless the processing is necessary for the performance of a task carried out in the public interest.
g) Automated decisions including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
h) Right to revoke consent under data protection law
Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
i) Right to object to the collection of data in specific cases and to direct marketing (Art. 21 EU-DSGVO)
If the data processing is based on Art. 6 (1) lit. e) or f) EU-DSGVO, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning them for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of such advertising; This also applies to profiling, insofar as it is related to such direct advertising. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising.
j) Right to complain to a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you is unlawful.
k) Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.
This data protection declaration is valid as of 30 July 2021. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection statement at any time on the website at www.fohhn.com/de/datenschutz.
Last change: 10 August 2021