personal data is processed has the right under EU law to request the immediate correction of inaccurate personal data concerning them. Furthermore, the person has the right to request the completion of incomplete personal data, taking into account the purposes of processing, including by means of a supplementary statement.
To exercise this right, the data subject may contact any employee of artevo at any time.

1. d) Right to Erasure (Right to be Forgotten)
   Any person whose personal data is processed has the right under EU law to request that the data controller delete personal data concerning them without delay, provided that one of the following reasons applies and processing is not required:

• The personal data were collected or otherwise processed for purposes that are no longer necessary
• The data subject withdraws consent on which the processing is based, and there is no other legal basis for processing
• The data subject objects to processing pursuant to EU law and there are no overriding legitimate grounds for processing
• The personal data have been unlawfully processed
• Deletion of personal data is necessary to comply with a legal obligation
• Personal data were collected in relation to services offered by the information society

If one of the above reasons applies and a person wishes to request the deletion of personal data stored at artevo, they can contact any employee of the company at any time. The team at artevo will ensure that the deletion request is implemented promptly.
If the personal data have been made public and the company is obliged to delete them, artevo will take appropriate measures, including technical measures, to inform other data controllers processing the published personal data to delete any links, copies, or replications.

 

1. e) Right to Restriction of Processing
   Any person whose personal data is processed has the right under EU law to request the restriction of processing if one of the following conditions is met:

• The accuracy of the personal data is contested, for a period allowing the controller to verify accuracy.
• The processing is unlawful, and the data subject opposes erasure and requests restriction instead.
• The controller no longer needs the personal data for processing purposes, but the data subject requires them for the establishment, exercise, or defense of legal claims.
• The data subject has objected to processing and it is not yet determined whether the legitimate grounds of the controller override those of the data subject.

If any of these conditions apply, a person may contact any employee of artevo at any time. The data processing team will implement the restriction as requested.

1. f) Right to Data Portability
   Any person whose personal data is processed has the right under EU regulations to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used, and machine-readable format.
   They also have the right to transmit this data to another controller without hindrance, provided the processing is based on consent under Art. 6(1)(a) or Art. 9(2)(a) GDPR, or on a contract under Art. 6(1)(b) GDPR, and carried out by automated means, unless necessary for a task in the public interest or in the exercise of official authority.
   Where technically feasible, data subjects may request direct transmission of data from one controller to another without adversely affecting the rights of others.
   To exercise this right, the data subject may contact any employee of artevo at any time.
2. g) Right to Object
   Any person whose personal data is processed has the right under EU regulations to object, for reasons arising from their particular situation, at any time to the processing of personal data concerning them, which is carried out on the basis of Art. 6(1)(e) or (f) GDPR. This includes profiling.
   If an objection is made, artevo will stop processing unless compelling legitimate grounds override the data subject’s interests or the processing is required for the establishment, exercise, or defense of legal claims.
   For direct marketing purposes, the data subject can object at any time; artevo will then stop processing for this purpose.
   For scientific, historical, or statistical research (Art. 89(1) GDPR), the data subject may also object unless such processing is necessary for a task in the public interest.
   To exercise this right, the data subject may contact any employee of artevo.
3. h) Automated Individual Decisions, including Profiling
   Every person whose personal data is processed has the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or significantly affects them, unless the decision is necessary for the conclusion or performance of a contract, is legally permitted, or is made with the explicit consent of the data subject.
   If the decision is necessary for a contract or made with explicit consent, artevo ensures protection of rights, including human intervention, expressing views, and contesting the decision.
   To exercise these rights, the data subject may contact any employee of artevo at any time.
4. i) Right to Withdraw Data Protection Consent
   Every person whose personal data is processed has the right to withdraw their consent to the processing of personal data at any time.
   To exercise this right, the data subject may contact any employee of artevo at any time.

 

Data Protection Policy Regarding the Use of Facebook and Instagram

Use of Facebook
The data controller has integrated components of Facebook on this website. Facebook is a social network.

A social network is an online platform that generally allows users to communicate and interact in a virtual space. It can serve as a platform for exchanging opinions and experiences or allow the online community to provide personal or business-related information. Facebook enables users to create private profiles, upload photos, and connect through friend requests.

The operator of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For users outside the USA or Canada, the data controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Whenever a user visits a page on this website containing a Facebook component (Facebook plug-in), their browser automatically downloads the corresponding Facebook component from Facebook’s servers. A full list of all Facebook plug-ins is available at https://developers.facebook.com/docs/plugins/?locale=de_DE. In this process, Facebook learns which specific page of our website is visited.

If the user is logged into Facebook at the same time, Facebook recognizes which page is visited and links this information to the user’s Facebook account. When the user clicks a Facebook button (e.g., “Like”) or posts a comment, Facebook assigns this information to their account and stores the personal data.

This information is transmitted to Facebook whether or not the user interacts with the Facebook component. To prevent data transfer, the user can log out of their Facebook account before visiting the site.

Facebook’s published data policy, available at https://de-de.facebook.com/about/privacy/, explains the collection, processing, and use of personal data, privacy settings, and applications that can prevent data transfer to Facebook.

Use of Instagram
The data controller has integrated components of the Instagram service on this website. Instagram is an audiovisual service that allows users to share photos and videos and distribute such data on other social networks.

The operating company of Instagram services is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Whenever a user visits a page on this website with an Instagram component (Insta-Button), the user’s browser is automatically instructed by the Instagram component to download a representation of this component from Instagram. Through this process, Instagram learns which specific page of our website the user is visiting.

If the user is simultaneously logged into Instagram, Instagram can recognize, during the entire visit, which specific page the user is viewing. This information is collected by the Instagram component and associated with the user’s Instagram account. If the user clicks any Instagram button integrated on our website, the transmitted data and information are associated with their personal Instagram account and processed by Instagram.

Instagram receives information through the Instagram component whenever the user visits our website while logged into Instagram, regardless of whether the user clicks on the Instagram component. To prevent this data transfer, the user can log out of their Instagram account before visiting our website.

Further information and Instagram’s applicable privacy policies can be accessed at:

• https://help.instagram.com/155833707900388
• https://www.instagram.com/about/legal/privacy/

 

 

Data Protection Regulations for the Use of Jetpack for WordPress

The data controller has integrated Jetpack on this website. Jetpack is a WordPress plugin that provides additional functionalities to the operator of a WordPress-based website. Among other things, Jetpack allows the website operator to get an overview of visitors. By displaying related posts and publications or enabling content sharing, it is also possible to increase visitor numbers. In addition, Jetpack includes security functions that better protect a website using Jetpack against brute-force attacks. Jetpack also optimizes and speeds up the loading of images integrated into the website.

The company operating the Jetpack plugin for WordPress is Automattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland.

Jetpack sets a cookie on the information technology system of the data subject. As explained above, cookies are small data files. Each time a user accesses a page of this website where a Jetpack component is integrated, the browser automatically transmits data to Automattic for analysis. In this technical process, Automattic receives data used to create an overview of website visits. These data are analyzed to understand the behavior of persons accessing the website and to optimize the website. The data collected via Jetpack is not used to identify the data subject without prior explicit consent. The data is also shared with Quantcast, which uses the data for the same purposes as Automattic.

The data subject can prevent cookies from being set by adjusting their browser settings at any time, thereby permanently objecting to the use of cookies. This setting also prevents Automattic/Quantcast from setting cookies on the data subject’s system. Previously set cookies can also be deleted at any time via the browser or other software.

Furthermore, the data subject has the option to object to the collection and processing of data related to the use of this website via Jetpack by pressing the Opt-Out button at https://www.quantcast.com/opt-out/, which sets an Opt-Out cookie on the system. If the cookies are deleted after an objection, the Opt-Out link must be visited again to set a new Opt-Out cookie.

However, placing the Opt-Out cookie may mean that the websites of the data controller are not fully usable for the data subject.

The applicable privacy policies of Automattic are available at https://automattic.com/privacy/ and of Quantcast at https://www.quantcast.com/privacy/.

Legal Basis for Processing Data

Article 6(1)(a) GDPR serves as the legal basis for our company for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which the data subject is a party, such as for the delivery of goods or the provision of services, the processing is based on Article 6(1)(b) GDPR. The same applies to processing necessary for pre-contractual measures, e.g., inquiries about our products or services.

If our company is legally obliged to process personal data, such as for tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, processing may be necessary to protect the vital interests of the data subject or another natural person, e.g., if a visitor is injured on our premises and their name, age, health insurance information, or other vital data must be shared with a doctor, hospital, or other third party. Then the processing would be based on Article 6(1)(d) GDPR.

Finally, some processing operations may be based on Article 6(1)(f) GDPR. This applies when processing is necessary to protect the legitimate interests of our company or a third party, provided the rights and freedoms of the data subject do not override. This is allowed because it is explicitly mentioned by the European legislator, who considered that a legitimate interest could exist, especially if the data subject is a customer of the controller (Recital 47 sentence 2 GDPR).

Legitimate Interests Pursued by the Controller or a Third Party

If processing is based on Article 6(1)(f) GDPR, our legitimate interest is the operation of our business for the welfare of all our employees and shareholders.

Duration of Data Storage

The duration of storing personal data is determined by the respective legal retention period. After this period, the data will be routinely deleted unless still required for contract fulfillment or initiation.

Legal or Contractual Requirements for Providing Data; Necessity for Contract; Obligation of Data Subject; Consequences of Non-Disclosure

We inform you that providing personal data may be partly legally required (e.g., tax laws) or based on contractual obligations (e.g., contract partner information). Sometimes, for concluding a contract, the data subject must provide personal data, which will then be processed by us. For example, a data subject must provide their personal data if our company enters into a contract with them. Failure to provide data could prevent the contract from being concluded. Before providing personal data, the data subject should contact one of our employees for case-by-case clarification on the legal or contractual necessity and the consequences of non-provision.

Existence of Automated Decision-Making

As a responsible company, we refrain from automated decision-making or profiling.

This privacy notice was prepared by DGD Deutsche Gesellschaft für Datenschutz GmbH, acting as an external data protection officer in Straubing, in cooperation with privacy lawyer Christian Solmecke.