Data protection statement
1) Information about the collection of personal data and contact details of the person responsible
1.1 Thank you for visiting our website, and thank you for your interest. We will inform you about the handling of your personal data when you are using our website in the following. Personal data is any data with which you can be personally identified.
1.2 The person responsible for data processing on this website in the sense of the General Data Protection Regulation (GDPR) is bellissa haas GmbH, Birkenstraße 22, 88285 Bodnegg-Rotheidlen, Germany, e-mail: info@bellissa.com. The person responsible for the processing of personal data is the natural or legal person who decides on the purposes and means of the processing of personal data, either on their own responsibility or together with other persons.
1.3 The person responsible has appointed a data protection officer, who can be contacted as follows: "Dr. Timo Hoffmann www.mein-datenschutzbeauftragter.de Eckweg 1 78048 Villingen-Schwenningen E-Mail: datenschutz@bellissa.com"
1.4 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries sent to the person responsible). An encrypted connection can be identified by the string "https://" and the padlock symbol in your browser bar.
2) Data collection when using our web site
During the use of our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we will only collect data that is transmitted to our server by your browser (so-called "server log files"). When you call up our web site, we collect the following data which is required for technical reasons in order to display the web site to you:
- Our visited website
- Date and time of access
- Amount of data transmitted in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymised form)
Processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files at a later date if there are concrete indications of illegal use.
3) Cookies
We use cookies to make your visit to our website attractive and enable the use of certain functions, i.e. small text files which are stored on your terminal device. Some of these cookies are automatically deleted when the browser is closed (so-called "Session Cookies"), and some remain on your terminal device for longer and allow page settings to be saved (so-called "Persistent Cookies"). In the latter case, the storage duration can be found in the overview of the cookie settings of your web browser.
If personal data is also processed by individual cookies which are used by us, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either for carrying out the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of consent being provided or in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website, as well as ensuring that the site visit has a customer-friendly and effective design.You can set up your browser in such a way that you are notified about the setting of cookies and decide whether to accept them, or you can block the acceptance of cookies for certain cases or in general.Please note that if you do not accept cookies, the functionality of our website may be restricted.
4) Contact
4.1 Userlike (Userlike UG (with restricted liability))Anonymised data is collected and stored on this web site using technologies provided by Userlike UG (with restricted liability), Deisterweg 7, 51109 Cologne, (www.userlike.com) for the purpose of web analysis and operating the live chat system, which is used to respond to live support enquiries. Usage profiles can be created from this anonymised data under a pseudonym. Cookies can be used for this purpose. Cookies are small text files which are stored locally in the cache of the site visitor's Internet browser. Cookies make it possible for the Internet browser to be recognised. If the information collected in this way has a personal reference, processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in effective customer service and the statistical analysis of user behaviour for optimisation purposes.
The data collected with the Userlike technologies will not be used to personally identify the visitor to this website without obtaining separate consent from the person concerned, and will not be kept together with personal data about the bearer of the pseudonym. To avoid the storage of Userlike cookies, you can set up your internet browser in such a way that no more cookies can be stored on your computer in the future, or that previously stored cookies are deleted. However, blocking all cookies may mean that some of the functions on our Internet pages can no longer be carried out. You can object to the collection and storage of data for the purpose of creating a pseudonymised user profile at any time with effect for the future by sending us your objection informally by e-mail to the address specified in the imprint.
4.2 When you contact us (e.g. via the contact form or by e-mail), personal data is processed - exclusively for the purpose of processing and responding to your request, and only to the extent that is necessary for this purpose. The legal basis for the processing of this data is our legitimate interest in responding to your concern in accordance with Art. 6 Para. 1 lit. f GDPR. If the purpose of your contact is to agree a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted when circumstances indicate that the matter in question has been finally clarified and there are no legal obligations for retaining the data.
5) Data processing when opening a customer account
In accordance with Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent that is necessary if you provide it to us when you open a customer account. You can find out which data is required to open an account on the input screen of the relevant form on our website. Your customer account can be deleted at any time by sending a message to the above-mentioned address of the person responsible. Once your customer account has been deleted, your data will be deleted, provided that all contracts concluded using your data have been fully processed, there are no legal retention periods to the contrary, and there is no justified interest on our part in continuing to store the information.
6) Use of customer data for direct advertising
6.1 Subscription to our e-mail newsletter
If you subscribe to our e-mail newsletter, we will send you information about our offers at regular intervals. The only mandatory information that is required for sending the newsletter is your e-mail address. The provision of additional data is voluntary, and will be used to address you personally. We use the so-called double opt-in procedure to send the newsletter, which ensures that you will only receive newsletters if you have expressly confirmed your consent to receive the newsletter by clicking on a verification link which has been sent to the specified e-mail address
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. When doing this, we store the IP address entered by your Internet service provider (ISP) and the date and time of registration so that we can trace any possible misuse of your e-mail address at a later date. The data that we collect when you register for the newsletter is only used for its intended purpose. You can unsubscribe from the newsletter at any time using the link provided for this purpose in the newsletter, or by sending an appropriate message to the responsible person mentioned at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we have reserved the right to use your data in a legally permitted way that goes beyond this, and about which we have informed you in this declaration.
6.2 - Newsletter delivery via Sendinblue
Our email newsletter is sent via technical service provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, to whom we pass on the data you provided when you registered for the newsletter. This passing on takes place in accordance with Art. 6 Para. 1 lit. f GDPR and is in our legitimate interest in using a newsletter system that is effective for advertising, secure and user-friendly. The data which you enter for the purpose of receiving the newsletter (e.g. email address) is stored on Sendinblue's servers in the EU.
Sendinblue uses this information to send and statistically evaluate the newsletter on our behalf. For evaluation purposes, the e-mails which are sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links have been clicked on, if any. Technical information is also collected (e.g. point in time of call-up, IP address, browser type and operating system). The data that is collected is pseudonymised, and is not linked to your other personal data, which rules out the possibility of a direct personal reference. This data is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to adapt future newsletters to the interests of the recipients in a better way. If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
Sendinblue may also use this data itself in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of its own legitimate interest in designing and optimising the service in accordance with requirements, and also for market research purposes, e.g. to determine which countries the recipients come from. However, Sendinblue does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
We have concluded an order processing agreement with Sendinblue, with which we oblige Sendinblue to protect the data of our customers and not pass it on to third parties.
You can view Sendinblue's data privacy policy here: https://de.sendinblue.com/legal/privacypolicy/
6.3 - Advertising by letter post
Based on our legitimate interest in personalised direct advertising, we reserve the right to store your first name and surname, your postal address and - provided that we have received this additional information from you as part of the contractual relationship - your title, academic degree, year of birth and your occupational, industry or business designation in accordance with Art. 6 Para. 1 lit. f GDPR and use this information to send you interesting offers and information about our products by post.
You can object to the storage and use of your data for this purpose at any time by sending an appropriate message to the person responsible.
7) Data processing for dealing with orders
7.1 If it is necessary for the processing of the contract for delivery and payment purposes, the personal data which we have collected will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit b GDPR.
In order to process your order, we also collaborate with the following service provider(s), who support us in whole or in part in carrying out concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.
7.2 Use of payment service providers (payment services)
- Adyen
If you decide on a payment method from payment service provider Adyen, the payment will be processed via payment service provider Adyen, Simon Carmiggeltstraat 6 - 50, 1011 DJ Amsterdam, Netherlands, to whom we will pass on the information you provided during the ordering process together with information about your order (name, address, IBAN, BIC, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will only be passed on for processing payments with payment service provider Adyen, and only if it is necessary for this purpose.
8) Online marketing
8.1 Facebook Pixel for creating Custom Audiences (with the Cookie Consent Tool)
The so-called "Facebook Pixel" of social network Facebook is used within the scope of our online content, which is operated by Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook").
If a user clicks on an advertisement placed by us which is played on Facebook, an addition is added to the URL of our linked page by Facebook Pixel. If our site allows data sharing with Facebook via Pixel, this URL parameter is written to the user's browser via a cookie which is set by our linked site. This cookie is then read out by Facebook Pixel and allows the data to be forwarded to Facebook.
With the aid of the Facebook pixel, Facebook can determine the visitors to our online content as a target group for displaying advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook Pixel to only display the Facebook ads which we have placed to those Facebook users who have also shown an interest in our online content or have certain characteristics (e.g. interests in certain topics or products determined on the basis of websites visited), which we transmit to Facebook (so-called "Custom Audiences"). With the aid of the Facebook pixel, we also want to ensure that our Facebook ads match the potential interest of the users and do not have a harassing effect. This allows us to further evaluate the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The data which is collected is anonymous for us, meaning that we cannot draw any conclusions about the user's identity. However, the data is stored and processed by Facebook so that a connection can be made to the respective user profile, and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). This data may allow Facebook and its partners to place ads on and outside of Facebook.
The data processing associated with the use of the Facebook Pixel is only carried out with your express consent in accordance with Art. 6 Para. 1 lit. a DGPR. You can revoke the consent which you have given at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
8.2 Use of affiliate programmes
- ADCELL Partner Programme (Firstlead GmbH)
We participate in the partner programme "ADCELL" of Firstlead GmbH, Rosenfelder St. 15-16, 10315 Berlin (hereinafter "ADCELL"). Within the scope of its services, ADCELL stores cookies on the terminal devices of users to document transactions (e.g. "sales leads") when a visitor clicks on an advertisement with the partner link. These cookies are exclusively used to correctly assign the success of an advertising medium and the corresponding billing within the framework of the network. ADCELL also uses so-called tracking pixels. Information such as visitor traffic on the site can be evaluated via these pixels.
The information that is generated by cookies and tracking pixels about the use of this website (including the IP address) and the delivery of advertising formats is transmitted to an ADCELL server, where it is stored. Among other things, ADCELL can recognise that someone has clicked on the partner link on this website. ADCELL can pass on this (anonymised) information to contractual partners under certain circumstances, but data such as the IP address will not be stored together with other stored data.
If the information also contains personal data, the described processing is based on our legitimate financial interest in processing commission payments with ADCELL in accordance with Art. 6 Para. 1 lit. f GDPR.
If you wish to block the evaluation of user behaviour via cookies, you can set up your browser so that you are informed about the setting of cookies and decide whether to accept them or block the acceptance of cookies for certain cases or in general. If you do not agree to the processing of your data as described above, you can optionally deactivate the data processing at www.adcell.de/datenschutz.
Insofar as it is legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 Para. 1 lit.a GDPR. You can revoke the consent which you have given at any time with effect for the future. To exercise your right of withdrawal, please follow the procedure for withdrawing the consent which is described above.
9) Web analysis services
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses so-called "cookies", which are text files that are stored on your terminal device and allow your use of the website to be analysed. The information generated by the cookie about your use of the website (including your IP address) is normally transmitted to and stored by Google on a server, whereby it may be transmitted to a Google LLC. server in the USA.
This website uses Google (Universal) Analytics exclusively with the extension "_anonymizeIp()", which ensures that the IP address anonymised by shortening it and ensures that direct personal reference is not possible. The extension ensures that your IP address is shortened beforehand by Google within member states of the European Union or in other states which are party to the Agreement via the European Economic Area. The full IP address be transmitted to a Google LLC. server in the USA and shortened there in exceptional cases. Google will use this information on our behalf in order to evaluate your use of the website, compile reports about website activity and provide other services concerning website activity and Internet usage. The IP address transmitted by your browser as part of Google (Universal) Analytics is not kept together with other Google data.
Google Analytics also makes it possible to produce statistics containing information about the age, gender and interests of site visitors based on an evaluation of interest-based advertising and with the involvement of third-party information via a special function known as "demographic characteristics". This makes it possible to define and differentiate user groups of the website for the purpose of target group-optimised alignment of marketing measures. However, data records collected via the "demographic characteristics" cannot be assigned to a certain person.
Details of the processing triggered by Google Analytics and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites. All of the processing described above, particularly the setting of Google Analytics cookies for reading information on the end device that is used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a DGPR. Google Analytics will not be used during your visit to the site without this consent.You can revoke the consent which you have given at any time with effect for the future. To exercise your revocation, please deactivate this service in the "cookie consent tool" which is provided on the website. We have concluded an order processing contract with Google for the use of Google Analytics which obliges Google to protect the data of our site visitors and not to pass it on to third parties.
With regard to the transfer of data from the EU to the USA, Google refers to so-called standard data protection clauses of the European Commission, which are supposed to ensure compliance with the European level of data protection in the USA.
More information about Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de
10) Retargeting/ Remarketing/ Referral advertising
Google Ads Remarketing
This website uses the "Google Ads" online advertising programme and, within the scope of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use the Google Ads service to draw attention to our attractive offers on external websites with the aid of advertising media (so-called Google Adwords). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. Our goal is to show you advertising that is of interest to you, make our website more interesting for you and achieve a fair calculation of the advertising costs that are incurred.
The conversion tracking cookie is set when a user clicks on an ad which has been placed by Google. Cookies are small text files which are stored on your terminal device. These cookies usually lose their validity after 30 days, and are not used for the purpose of personal identification. If the user visits certain pages on this website and the cookie has not yet expired, both Google and ourselves can recognise that the user has clicked on the ad and been redirected to this page. Each Google Ads customer is given a different cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. The information which is collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted in to conversion tracking. The customers find out the total number of users who clicked on their ad and were redirected to a page which has been tagged with a conversion tracking tag. However, they do not receive any information which can be used to personally identify users. The use of Google Ads may also result in the transmission of personal data to the servers of Google LLC. in the USA.
Details of the processing triggered by the Google Ads Conversion Tracking and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
All of the above-mentioned processing, particularly the setting of Google Analytics cookies for reading information on the terminal device that is used will only be carried out if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke the consent which you have given at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the Google browser plug-in which is available at the following link:
https://www.google.com/settings/ads/plugin?hl=de
Please note that certain functions of this website may not be available or may only be restrictedly usable if you have deactivated the use of cookies.
Google's privacy policy can be found here:
https://www.google.de/policies/privacy/
Pinterest retargeting pixel
A pixel (Pinterest tag) of Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest") is integrated on this website. Information about the surfing behaviour of website visitors can be collected, stored and evaluated in pseudonymised form with the aid of the pixel. The information can be assigned to the user with the aid of further information which Pinterest has stored about the user, e.g. due to ownership of an account on the "Pinterest" social network. Pinterest analyses surfing behaviour using an algorithm, and can then display targeted product recommendations on the user's Pinterest account in the form of personalised advertising banners. Pinterest may also combine the information collected via the pixel with other information that Pinterest has collected via other websites and / or in connection with the use of the social network "Pinterest", and therefore create pseudonymised usage profiles. However, under no circumstances can the collected information be used to personally identify visitors to this website.
All of the above-mentioned processing, particularly the setting of cookies for reading out information on the terminal device that is used, only takes place if you have given us your express consent to do so in accordance with Art. 6 Para.1 lit. a DGPR. You can revoke the consent which you have given at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
This website uses the "Pinterest Tag" conversion tracking technology by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest").
If you have accessed our website from a pin on Pinterest, we will set a cookie on your computer which interacts with a "tag" which is also implemented in the form of a JavaScript code from Pinterest. Cookies are small text files which are stored on your terminal device. These cookies lose their validity after 180 days, and are not used for personal identification.
If the user is redirected to pages on this website from a pin on Pinterest and the cookie has not yet expired, the tag records certain user actions which we have predefined and can track these (e.g. completed transactions, leads, searches on the website, product page call-ups). When an action such as this is being performed, your browser sends an HTTP request to the Pinterest server via the Pinterest tag from the cookie, with which certain information about the action is transmitted (including the type of action, point in time, browser type of the terminal device).
By means of this transmission, Pinterest can generate statistics about the usage behaviour on our website after forwarding from a Pinterest Pin which we can use to optimise our offer.
However, we do not receive any information with which the user can be personally identified.
All of the above-mentioned processing, particularly the setting of cookies for reading out information on the terminal device that is used, only takes place if you have given us your express consent to do so in accordance with Art. 6 Para.1 lit. a DGPR. You can revoke the consent which you have given at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
11) Page functionalities
11.1 Use of Youtube videos
This website uses the Youtube embedding function to display and play videos from provider "Youtube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Extended data protection mode is used here, which only triggers the storage of user information when the video(s) is/are played in accordance with the provider's specifications. If the playback of embedded Youtube videos is started, the "Youtube" provider uses cookies to collect information about user behaviour. According to information from "Youtube", these are used to collect video statistics, improve user-friendliness and prevent abusive behaviour, among other things. If you are logged in to Google, your data will be directly assigned to your account when you click on a video. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right. The use of Youtube may also result in the transmission of personal data to the servers of Google LLC. in the USA. Regardless of the playback of the embedded videos, a connection to the Google network is established every time this website is called up, which may trigger further data processing operations without our influence. All of the above-mentioned processing, particularly the reading of information on the terminal device that is used via the tracking pixel, is only carried out if you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a GDPR. Without this consent, the use of Youtube videos will be inhibited during your visit to the site.You can revoke the consent which you have given at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website via alternative means which you are notified of on the website. More information about data protection on "Youtube" can be found in the Youtube terms of use at https://www.youtube.com/static?template=terms and in Google's data protection declaration at https://www.google.de/intl/de/policies/privacy
11.2
Use of Vimeo videos
Plugins of the Vimeo video portal of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are incorporated on our website. When you access a page of our website which contains a plugin such as this, your browser establishes a direct connection to the Vimeo servers. The content of the plugin is transmitted directly to your browser by Vimeo and incorporated into the page. By means of this integration, Vimeo receives the information that your browser has accessed the relevant page of our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is transmitted by your browser directly to a Vimeo server in the USA, where it is stored.
If you are logged in to Vimeo, Vimeo can directly assign your visit to our website to your Vimeo account. If you interact with the plugins (such as pressing the start button of a video), this information is also transmitted directly to a Vimeo server, where it is stored.
If you do not want Vimeo to directly assign the data collected via our website to your Vimeo account, you must log out of Vimeo before visiting our website.
The purpose and scope of the data collection, the further processing and use of the data by Vimeo, your rights with regard to this and the setting options for protecting your privacy can be found in Vimeo's data protection information: https://vimeo.com/privacy
The Google Analytics tracking tool from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, is automatically integrated into the Vimeo videos which are incorporated on our site. This is Vimeo's own tracking mechanism, to which we do not have access and over which we do not have any influence. Google Analytics uses so-called "cookies" for tracking. These are text files which are stored on your computer and make it possible to analyse your use of the website. The information generated by the cookie about your use of this website is usually transmitted to and stored on a Google server, whereby it may also be transmitted to the servers of Google LLC. in the USA. All of the above-mentioned processing, particularly the reading out of information on the terminal device which is used via the tracking pixel, will only take place if you have given us your express consent in accordance with Article 6 Para. 1 lit. a GDPR. Vimeo videos will not be used during your visit to the site unless you have given this consent. Your consent can be revoked at any time with effect for the future. To revoke your consent, please deactivate this service in the "Cookie Consent Tool" provided on the website via the alternative options which you were notified of on the website.
11.3 - Google Web Fonts
This site uses so-called web fonts, which are provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), to display fonts in a uniform way. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The browser you are using must connect to the Google servers to do this. This can also result in the transmission of personal data to the servers of Google LLC. in the US. In this way, Google will know that our website has been accessed via your IP address. Google Web Fonts are used to present our online content in a uniform and appealing way. This represents a legitimate interest in the sense of Article 6 Para. 1 lit. f GDPR. If your browser does not support web fonts, your computer will use a standard font.
More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/
11.4 Microsoft Power BI
We use the "Microsoft Power BI" service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA for internal visualization of business transactions and user-defined analyses of business processes. Personal customer data may be subject to visualization and analysis procedures and be processed by Microsoft BI for this purpose. In this case, Microsoft processes personal data as an order processing company that is subject to instructions in accordance with Art. 28 GDPR, and is contractually obliged to us to protect this data in accordance with legal requirements. Microsoft uses state of the art encryption methods for this purpose, and guarantees that all data processing procedures will take place in data centres within the EU.
More information about the data protection measures for Power BI can be found at https://www.microsoft.com/de-de/trustcenter/security/powerbi-security.
12) Rights of the affected person
12.1 The applicable data protection law grants you the following rights as an affected person (rights to information and intervention) vis-à-vis the person responsible for the processing of your personal data, whereby reference is made to the cited legal basis for the respective exercise requirements:
- Right to information in accordance with Art. 15 GDPR;
- Right to correction in accordance with Art. 16 GDPR;
- Right to deletion in accordance with Art. 17 GDPR;
- Right to restriction of processing in accordance with Art. 18 GDPR;
- Right to information in accordance with Art. 19 GDPR;
- Right to data portability in accordance with Art. 20 GDPR;
- Right to revoke granted consent in accordance with Art. 7 Para. 3 GDPR;
- Right to complain in accordance with Art. 77 GDPR.
12.2 Right to object
If we process your personal data within the scope of a balancing of interests on the basis of our overriding legitimate interest, you have the right to object to this processing with effect for the future at any time, for reasons which arise from your particular situation.
If you exercise your right to object, we will stop processing the data concerned. However, the right to further processing is reserved if we can show that there are compelling legitimate grounds for the processing which outweigh your interests, fundamental rights and freedoms, or if the processing is used to assert, exercise or defend legal claims.
If we process your personal data in order to carry out direct advertising, you have the right to object to the processing of your personal data for the purpose of such advertising at any time. You can exercise the objection as described above. If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.
13) Duration of storage of personal data
The duration for which personal data is stored is based on the respective legal basis, the purpose of the processing and, if relevant, also based on the respective statutory retention period (e.g. retention periods in accordance with commercial and tax law).
If personal data is processed on the basis of an express consent in accordance with Article 6 Para. 1 lit. a GDPR, the data will be stored until the affected person revokes their consent.
If statutory retention periods exist for data which is processed within the scope of legal or similar obligations on the basis of Article 6 Para. 1 lit. b GDPR, this data will be automatically deleted after the expiry of the retention period, provided that it is no longer required to fulfil or initiate a contract and/or we have no legitimate interest in continuing to store it.
In cases where personal data is processed on the basis of Article 6 Para. 1 lit. f GDPR, it is stored until the affected person exercises their right to object in accordance with Article 21 Para. 1 GDPR, unless we have compelling reasons worthy of protection for processing the data which outweigh the interests, rights and freedoms of the affected person, or if the processing serves to assert, exercise or defend legal claims.
If personal data is being processed for the purpose of direct advertising on the basis of Article 6 Para. 1 lit. f GDPR, it is stored until the affected person exercises their right to object in accordance with Article 21 Para. 2 GDPR.
Unless otherwise stated in the other information in this declaration concerning specific processing situations, personal data which has been stored will be deleted when it is no longer required for the purposes for which it was collected or processed in another way.