top of page

I.   General Information about Data Processing

How do we collect your data?

One of the methods with which your data is collected is when you share it with us. For example, this data can include details that you enter in a contact form, the data on a business card that you give to us or data that is saved in the cloud.

Other data is automatically collected by our IT systems when you visit our website. This is primarily technical data (e.g. your internet browser, operating system or the time that you viewed the page). This data is collected automatically as soon as you view our website.

For what purpose do we use your data?

Some of the data is collected to ensure that our website can be viewed without errors. Other data may be used to analyze your usage behavior or to provide cloud-based services.

What rights do you have with regard to your data?

You have the right at any time to receive, at no extra cost, information about the origin, recipient and purpose of your stored personal data. You also have a right to have this data rectified, blocked or erased. You can contact us at any time at any time using the address specified above and in the legal notice to request this and to discuss any further questions you may have about data protection. You also have a right to complain to the competent supervisory authority.

1.   Scope of Personal Data Processing

We process personal data belonging to our users only as far as this is necessary to provide a functional website and to deliver our content and services. The personal data of our users is regularly processed only after receiving the user's consent. An exception applies to cases in which obtaining prior consent is not possible for legitimate reasons and when processing of this data is permitted by law.

2.   Legal Basis for Processing Personal Data

Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) applies as the legal basis for processing personal data when we obtain the consent of the data subject to collect personal data for processing.

When processing personal data that is required to fulfill a contract in which the contracting party is the data subject, Article 6(1)(b) of the GDPR applies as the legal basis. This also applies to processing operations necessary to implement pre-contractual measures.

When we process personal data to fulfill a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR applies as the legal basis.

Article 6(1)(f) of the GDPR applies as the legal basis for processing data when this is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not override this legitimate interest.

3.   Deleting Data and Storage Duration

The personal data of the data subject is deleted or blocked as soon as the purpose for storing the data has been fulfilled. In addition, data may be stored if data storage has been allowed by European or national legislators in Union regulations, laws or other provisions to which the controller is subject. Data may also be blocked or deleted even if a storage period prescribed by the aforementioned standards expires unless a there is a need for continued storage of the data to allow the conclusion of a contract or fulfillment of a contract.

4.   Processing Personal Data Belonging to Customers

If you are one of our customers, we regularly process the below personal data belonging to our natural point of contact. This data is processed by us exclusively for business purposes:

(1)   Name

(2)   First name

(3)   Company address

(4)   Billing address

(5)   Delivery address

(6)   Telephone number

(7)   Fax number

(8)   Cell phone number (optional)

(9)   Email address

(10)   Business bank details (only in the event of refund)

All of this data is necessary for us to contact you and to correctly process quotations and orders. Article 6(1)(b) of the GDPR forms the legal basis for these activities.

The data transferred to third parties relates only to documents such as invoices and, where relevant, delivery notes that are transferred for processing to the Slovak Tax Office via our tax advisor. These documents generally contain no personal data aside from the name of the company (in the case of sole proprietorships). However, it is possible that the first and last names of contact partners or company owners are contained within these documents.

The data is not transferred to third countries.

This master data is stored in our IT systems for as long as the business relationship exists and there is a legitimate legal reason for storing the data. Customer data is deleted in accordance with the storage period that applies to the specific use of the data. If a data subject requests for their data to be erased or blocked, their data is blocked immediately and then erased once the legal storage period expires. If there is no reason for storage of the data to continue, the data will be erased.

5.   Processing of Personal Data Belonging to Suppliers

If you are one of our suppliers, we regularly process the below personal data belonging to our natural point of contact. This data is processed by us exclusively for business purposes:

(1)   Name

(2)   First name

(3)   Company address

(4)   Billing address

(5)   Delivery address

(6)   Telephone number

(7)   Product Serial Number / MAC address

(8)   Cell phone number (optional)

(9)   Email address

(10)   Business bank details

All of this data is necessary for us to contact you and to correctly process quotations and orders. Article 6(1)(b) of the GDPR forms the legal basis for these activities.

The data transferred to third parties relates only to documents such as invoices and, where relevant, delivery notes that are transferred for processing to the Slovak Tax Office via our tax advisor. These documents generally contain no personal data aside from the name of the company (in the case of sole proprietorships). However, it is possible that the first and last names of contact partners or company owners are contained within these documents.

The data is not transferred to third countries.

This master data is stored in our IT systems for as long as the business relationship exists and there is a legitimate legal reason for storing the data. Supplier data is deleted in accordance with the storage period that applies to the specific use of the data. If a data subject requests for their data to be erased or blocked, their data is blocked immediately and then erased once the legal storage period expires. If there is no reason for storage of the data to continue, the data will be erased.

 

II.   Provision of the Website and Creation of Log Files

1.   Description and Scope of Data Processing

Every time you visit our website, our system automatically collects data and information from the system on the computer accessing the website.

The following data is collected:

(1)   Information about the browser type, the version in use, the language in use

(2)   Information about the device type and the resolution in use

(3)   The user's operating system

(4)   The user's internet service provider

(5)   The user's IP address

(6)   The user's location

(7)   The date, time and duration of access

(8)   The page views during the access period

(9)   Websites from which the user's system accessed our website

(10)   Websites accessed by the user's system via our website

The data is also stored in the log files in our system. This data is not stored alongside other personal data belonging to the user.

2.   Legal Basis for Data Processing

Article 6(1)(f) forms the legal basis for temporarily storing data and log files.

3.   Purpose of Data Processing

Temporary storage of the user's IP address by the system is necessary to allow the website to be delivered to the user's computer. For this purpose, the IP address of the user must be stored for the duration of the session.

The data is stored in log files to guarantee the functionality of the website. In addition, the data helps us to optimize the website and to guarantee the security of our information systems. Analysis of the data for marketing purposes does not take place in this scenario.

For these purposes, our legitimate interest in processing the data is also based on Article 6(1)(f) of the GDPR.

4.   Duration of Storage

The data is deleted as soon as it is no longer required to fulfill the purpose for which it was collected. In the case of data being collected in order to provide the website, this is the case when the respective session is finished.

Storage beyond this point is possible. In this case, the user's IP addresses are deleted or pseudonymized so that it is no longer possible to use them to identify the accessing client.

5.   Right to Object and to Rectification

Collecting data for the purpose of providing the website and storing this data in log files is mandatory for operating our website. For this reason, the user has no right to object.

 

III.   Use of Cookies

1.   Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a distinctive character string that allows the unique identification of the browser when the website is visited again.

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identifiable even after the user moves on to a different page.

The following data is stored and transmitted in the cookies:

(1)   Language settings

(2)   Login information

(3)   Session ID

We also use cookies on our website to allow us to analyze the user's surfing behavior.

In this format, the following data can be transmitted:

(1)   Search terms entered

(2)   Frequency of page views

(3)   Use of website features

(4)   Products entered for product comparisons

(5)   Website navigation (paging and filtering)

(6)   Screen size

(7)   Device type

(8)   Browser

(9)   Location (country only)

The user data collected in this format is pseudonymized by means of technical precautions. Using the data to identify the accessing user is therefore no longer possible. The data is not stored alongside the user's other personal data.

When our website is accessed, users are informed about the use of cookies for analysis purposes and referred to this Privacy Policy via an info banner. In this scenario, users are also notified that they can prevent cookies being stored in the browser settings.

More information about the analysis tools that we use is provided in the following explanations and links:

 

Google Analytics:

This website uses Google Analytics, a web analysis service provided by Google, Inc. ("Google"). Google Analytics uses "cookies" — text files that are stored on your computer and enable the analysis of website usage. The information produced by the cookie about your use of this website is usually sent to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will first be shortened by Google within member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to analyze your use of the website, compile reports about website activities and provide the site operator with other services relating to website and internet use. The IP address sent by your browser as part of Google Analytics will not be merged with other Google data. You may prevent cookies from being stored on your computer by selecting the relevant setting in your browser software; however, we would like to point out that in this case some parts of this website may lose full functionality. You can also prevent Google from collecting and processing the data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

 

Google Ads:

We have integrated Google Ads into this website. Google Ads is an online advertising service that allows advertisers to display adverts in both the search engine results from Google and within the Google advertising network. Google Ads allows an advertiser to specify certain keywords to prompt an advert to be displayed in the search engine results from Google provided that the user retrieves a search result relevant to the keywords by using the search engine. Within the Google advertising network, the adverts are distributed across related websites by means of an automatic algorithm and in accordance with the keywords that have already been specified. We use Google Ads to advertise our website by displaying interest-based advertising on websites operated by third-party companies and in the search engine results from the Google search engine and by displaying third-party advertising on our website. When a data subject accesses our website via a Google advert, a "conversion cookie" is stored by Google on the IT system of the user in question. A conversion cookie becomes invalid after thirty days and is not designed to enable identification of the data subject. While the conversion cookie is still valid, it is used to track whether the user accesses certain subpages, such as the shopping cart of an online shop system. The conversion cookie allows Google and us to track whether a data subject who accessed our website via a Google Ads advert generated a sale, i.e., whether a purchase was completed or cancelled.

The data and information collected using the conversion cookie is used by Google to compile traffic statistics for our website. These traffic statistics are used by us in turn to determine the total number of users who accessed our website via Google Ads adverts so that we can assess the success or failure of the respective Google Ads adverts and optimize our Google Ads adverts for the future. Neither our company nor any other advertisers that use Google Ads receive information from Google with which the data subject could be identified.

The conversion cookie is used to store personal information, such as the websites visited by the data subject. Every visit to our websites therefore involves personal data, including the IP address of the Internet connection used by the data subject, being processed. Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland is the company affiliated with Google that is responsible for processing your data and complying with the applicable data protection laws.

You can prevent cookies from being generated by our website as described above at any time by adjusting your Internet browser settings accordingly and therefore permanently preventing cookies from being stored. Adjusting your Internet browser settings will also prevent Google from storing a conversion cookie on the IT system. In addition, a cookie already stored by Google Ads can be deleted at any time using the Internet browser or other software programs.

Furthermore, you have the option to opt out of interest-based advertising from Google. To do this, use your Internet browser to access this link https://adssettings.google.com and then configure the settings as required.

More information and the data protection provisions applicable at Google can be found at https://policies.google.com/privacy?hl=en.

Google play Services

Privacy Policy TSS COMPANY s.r.o. built the TSSTagger app as a Free app. This SERVICE is provided by TSS COMPANY s.r.o. at no cost and is intended for use as is.
This page is used to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service.
If you choose to use our Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.
The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which are accessible at TSSTagger unless otherwise defined in this Privacy Policy.
Information Collection and Use
For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information. The information that we request will be retained by us and used as described in this privacy policy.
The app does use third-party services that may collect information used to identify you.
Link to the privacy policy of third-party service providers used by the app

Log Data
We want to inform you that whenever you use our Service, in a case of an error in the app we collect data and information (through third-party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.
Cookies
Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.
This Service does not use these “cookies” explicitly. However, the app may use third-party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.
Service Providers
We may employ third-party companies and individuals due to the following reasons:

  • To facilitate our Service;

  • To provide the Service on our behalf;

  • To perform Service-related services; or

  • To assist us in analyzing how our Service is used.

We want to inform users of this Service that these third parties have access to their Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
Security
We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
Links to Other Sites
This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Children’s Privacy
These Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13 years of age. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do the necessary actions.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page.
This policy is effective as of 2022-10-15
Contact Us
If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at support@tsscompany.eu.
This privacy policy page was created at privacypolicytemplate.net and modified/generated by App Privacy Policy Generator

2.   Legal Basis for Data Processing

Article 6(1)(f) of the GDPR forms the legal basis for processing personal data using cookies.

Article 6(1)(a) of the GDPR is the legal basis for processing personal data using cookies for analysis purposes when the user has provided their consent.

3.   Purpose of Data Processing

The purpose of using technically necessary cookies is to make it simpler for users to navigate websites. Some features of our website cannot be offered without the use of cookies. In these cases, it is also necessary for the browser to be identified again after the user has moved on to a different page.

We need cookies for the following applications:

(1)   Transferring language settings

(2)   Recording search terms

(3)   Product comparisons

(4)   Website navigation

(5)   Tracking tools — for optimizing ease of use

(6)   Guaranteeing the technical functionality of the website

The user data obtained by technically necessary cookies is not used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its content. Using analysis cookies, we find out how the website is used and can therefore continuously optimize our offering.

For these purposes, our legitimate interest in processing personal data is also based on Article 6(1)(f) of the GDPR.

4. Duration of Storage and the Right to Object and to Rectification

Cookies are stored on the user's computer and transmitted from here to our website. As a result, you therefore also have full control over the use of cookies as a user. Changing the settings in your internet browser allows you to disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. It is also possible to automate this process. If cookies are disabled for our website, it may no longer be possible to use all functions of the website in full.


IV.   Social media

1.   Description and scope of data processing

As a company, we operate business profiles on various social media platforms. As result of operating these profiles, statistical data is collected by the platform operators and made available to us in the form of an evaluation. Our company's own usage profiles also give us access to various types of personal data relating to users who visit our social media pages. We do not store this data.
This data can be:

(1)   User name; last name, first name

(2)   Job title

(3)   Employer, sector

(4)   Profile picture

In accordance with Art. 26 GDPR, we - as the operator of the profile - and the operators of the social media platforms are both considered to be the data controller since we decide on the purpose of data processing together.
Your personal data is also processed by the operators of these social media platforms. The scope of these processing activities depends on the respective general terms and conditions of the social media platform as well as their respective data protection regulations. As a company, we have only limited influence on these data processing activities.
If you do not wish to use a social media platform, you can also contact us via our website.
If you would like to know more, please use the links below to obtain more information about data processing conducted by social media platforms.

 

2.   Legal basis for data processing

Data processing is based on our company's overriding legitimate interest in line with Article 6(1)(f) GDPR.

 

3.   Purpose

We use social media platforms to inform online users about our company and the products we offer. The platforms provide us with the opportunity to understand what impression you as a customer or interested party have of our market presence, which allows us to continuously improve our company and our products.
Furthermore, these platforms give you a quick way to easily ask us questions and receive an immediate response.

 

V.   Newsletter

1.   Description and Scope of Data Processing

There is an option to subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input screen is sent to us. This data includes:

(1)  Title

(2)   First name

(3)   Last name

(4)   Email address

The following data is also collected during registration:

(1)   IP address of the accessing computer

(2)   Date and time of registration

(3)   Country

(4)   Language

As part of the registration process, your consent to your data being processed is obtained and you are referred to this Privacy Policy.

No data is transferred to third parties when data is processed for the purpose of sending newsletters. The data is used solely for sending the newsletter.

2.   Legal Basis for Data Processing

Article 6(1)(a) of the GDPR forms the legal basis for processing data following registration for a newsletter when the user has provided their consent.

3.   Purpose of Data Processing

The purpose of collecting the user's email address is to deliver the newsletter.

The purpose of collecting other personal data during the registration process is to prevent misuse of the service or of the email address in use.

4.   Duration of Storage

The data is deleted as soon as it is no longer required to fulfill the purpose for which it was collected unless we are authorized or obligated to retain the data due to any other legal obligation (e.g. existing supply relationships). The user's email address is accordingly stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is deleted along with the email address.

5. Right to Object and to Rectification

The subscription to the newsletter can be canceled by the relevant user at any time. A corresponding link is available in each newsletter for this purpose.

This link also allows the user to withdraw his/her consent to the storage of the personal data collected during the registration process.

 

VI.   Contact Forms, Contact via Email, Product Registration and Product Returns

1.   Description and Scope of Data Processing

Forms for contacting us electronically are provided on our website. If a user makes use of these forms, the data entered in the input screen is sent to us and stored. This data may include:

(1)   Salutation

(2)   Title

(3)   First name

(4)   Last name

(5)   Email address

(6)   Company

(7)   House number and street

(8)   Additional address details

(9)   City

(10)   State

(11)   Postal code

(12)   Country

(13)   Telephone number

(14)   Product Serial Number/ MAC address

(15)   Company

When the message is submitted, the following data is also stored:

(1)   Date and time of registration

As part of the submission process, your consent to your data being processed is obtained and you are referred to this Privacy Policy.

As an alternative, users can contact us via the email address provided. In this case, the user's personal data transmitted with the email is stored.

No data is transferred to third parties in this scenario. The data is used exclusively for processing the conversation.

 

2.   Legal Basis for Data Processing

Article 6(1)(a) of the GDPR forms the legal basis for processing data when the user has provided their consent.

Article 6(1)(f) of the GDPR forms the legal basis for processing data transmitted when an email is sent. Article 6(1)(b) of the GDPR forms the legal basis for processing if the purpose of contact via email is to conclude a contract.

3.   Purpose of Data Processing

We process personal data from the input screen solely for the purpose of processing your query. A legitimate interest is also required to process data from contact via email.

The other personal data processed when an email is sent is used to prevent forms being misused and to guarantee the security of our information systems.

4.   Duration of Storage

The data is deleted as soon as it is no longer required to fulfill the purpose for which it was collected. For the personal data from the input screens of the forms and the data sent via email, this happens when the respective conversation with the user is finished. The conversation is considered finished when the circumstances make it clear that the relevant issue has been resolved in full.

5.   Right to Object and to Rectification

The user has the option to withdraw his/her consent to the processing of personal data at any time. If the user contacts us via email, he/she can object to the storage of his/her personal data at any time. In this scenario, the conversation cannot be continued.

All personal data stored during the conversation will therefore be deleted.

 

VII.   Contact via Providing Business Cards

1.   Description and Scope of Data Processing

There is the possibility of establishing contact by providing us with a business card. The data contained on the card will be processed by us. The following data is processed:

(1)   Salutation

(2)   Title

(3)   First name

(4)   Last name

(5)   Email address

(6)   Company

(7)   Address

(8)   Country

(9)   Telephone number

Contact will be made using the data provided.

If the business card is provided to us in a country other than the home country of the customer or interested party, the data is also passed on to the respective Turck subsidiary and is processed in the country where the customer or interested party is based.

2.   Legal Basis for Data Processing

Article 6(1)(f) of the GDPR forms the legal basis for processing data when we are provided with business cards by customers or interested parties.

3.   Purpose of Data Processing

Data is collected from customers or interested parties for the purpose of establishing contact.

4.   Duration of Storage

The data is deleted as soon as it is no longer required to fulfill the purpose for which it was collected unless we are authorized or obligated to retain the data due to any other legal obligation (e.g. existing supply relationships).

VIII.   Software Updates and Downloading Configuration Files

1.   Description and Scope of Data Processing

TAS software and the firmware on Turck hardware products (especially fieldbus devices) may have an integrated webserver and use this to supply websites.
These websites may contain functions to download configuration files (e.g. IO-Link Device Descriptions [IODD]) or up-to-date versions of updates for software or firmware.
In order to download these assets, the IP address must be transferred for technical reasons. The transfer also contains information concerning which files are being requested or for which device type the files are being searched for.

2.   Legal Basis for Data Processing

Consent to data processing in order to achieve the purpose outlined below was assigned before installation in line with Article 6(1)(a) of GDPR.

3.   Purpose of Data Processing

Data is collected from users to provide the user with the functions outlined in 1. 
For this purpose, the user gave their consent regarding data processing in accordance with Article 6(1)(a) of GDPR.

4.   Duration of Storage

The data is deleted as soon as it is no longer required to fulfill the purpose for which it was collected, unless we are authorized or obligated to retain the data due to another legal obligation (e.g. existing supply relationships).

 

IX.   Rights of the Data Subject

If your personal data is processed, you are the data subject as defined by the GDPR. The GDPR grants you the following rights in relation to the controller:

1.   Right of Access by the Data Subject

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed,

and, where that is the case, access to the personal data and the following information:

(1)   the purpose of the processing;

(2)   the categories of personal data concerned;

(3)   the recipients or categories of recipient to whom the personal data have been or will be disclosed;

(4)   where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(5)   the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(6)   the right to lodge a complaint with a supervisory authority;

(7)   where the personal data are not collected from the data subject, any available information as to their source;

(8)   the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The data subject shall have the right to request information about whether the personal data is being transferred to a third country or to an international organization. Where personal data is transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

2.   Right to Rectification

The data subject shall have the right to ask the controller to rectify and/or complete the personal data if the data is inaccurate or incomplete. The controller must comply with the request for rectification without undue delay.

3.   Right to Restriction of Processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

(1)   the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

(2)   the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(3)   the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims

(4)   the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of processing pursuant to the above shall be informed by the controller before the restriction of processing is lifted.

4.   Right to Erasure

a)   Obligation to Erase

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(1)     the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

(2)     the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there are no other legal grounds for the processing;

(3)      the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

(4)      the personal data has been unlawfully processed;

(5)      the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(6)       the personal data has been collected in relation to the offer of information society services referred to in Article 8(1).

b)   Information to Third Parties

Where the controller has made the personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c)   Exceptions

The right to erasure shall not apply to the extent that processing is necessary:

(1)      for exercising the right of freedom of expression and information;

(2)      for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3)      for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);

(4)      for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5)      for the establishment, exercise or defense of legal claims.

5.   Notification Obligation Regarding Rectification or Erasure of Personal Data or Restriction of Processing

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.

The controller shall inform the data subject about those recipients if the data subject requests it.

6.   Right to Data Portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:

(1)   the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and

(2)   the processing is carried out by automated means.

In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.

That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7.   Right to Object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

8.   Right to Withdraw Consent to the Data Protection Declaration

The data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

9.   Automated Individual Decision-Making, Including Profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This shall not apply if the decision:

(1)    is necessary for entering into, or performance of, a contract between the data subject and a controller;

(2)    is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or

(3)    is based on the data subject's explicit consent.

These decisions shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10.   Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.!

bottom of page