Privacy Policy

I. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States and other data protection regulations is:

1. FC Union Berlin e.V.

An der Wuhlheide 263

12555 Berlin

Phone: (030) 65 66 88 - 100

Fax: (030) 65 66 88 - 99

E-mail: verein@fc-union-berlin.de

II. Name and address of the data protection officer

The data protection officer of the data controller is:

datarea GmbH

Meißner Straße 103

01445 Radebeul

Germany

Phone: (0351) 2722 0880

E-mail: info@datarea.de

Website: www.datarea.de

III. General information about data processing

1. Scope of the processing of personal data

As a matter of principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website as well as our content and services. The processing of the personal data of our users is regularly only carried out after the consent of the user has been given. An exception applies in cases in which obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by legal regulations.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the execution of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted or made unavailable as soon as the purpose of the storage no longer applies. Furthermore, storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the data controller is subject. The data will also be made unavailable or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Every time our internet site is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

(1) Information about the browser type and version used

(2) The operating system of the user

(3) The Internet service provider of the user

(4) The IP address of the user

(5) Date and time of access

(6) Websites from which the user's system accesses our internet site

(7) Websites that are accessed by the user's system via our website

(8) Name and URL of the file accessed

(9) Message as to whether the retrieval was successful

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

Data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

4. Data storage period

Data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When data is collected for the provision of the website, this is the case when the corresponding session has ended.

When data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or masked so that an identification of the accessing client is no longer possible.

5. Possibility of objection and deletion

The collection of data for the provision of the website and the storage of the data in log files are essential for the operation of the internet site. Consequently, there is no possibility for the user to object.

V. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our internet site require that the accessing browser can be identified even after a change of page.

The following data is stored and transferred in the cookies:

(1) Language settings

(2) Browser type/ browser version

(3) Operating system used

(4) Referral URL

(5) Host name of the accessing computer

(6) Time of the server request

b) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our internet site cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

We require cookies for the following applications:

(1) To establish contact

(2) For association enquiries, service enquiries

(3) To request information

(4) To assume language settings

(5) To record search terms

The user data collected through technically necessary cookies is not used to create user profiles.

These purposes also constitute our legitimate interest in processing personal data according to Art. 6 para. 1 lit. f GDPR.

e) Data storage period, possibility of objection and deletion

Cookies are stored on the user's computer and transferred to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

VI. Contact form and e-mail contact

1. Description and scope of data processing

Our Internet site includes a contact form that can be used to contact us electronically. If a user makes use of this possibility, the data entered in the online form is transferred to us and stored. This data includes:

At the time the message is sent, the following data is also stored:

The IP address of the user

Date and time of the establishment of the contact

(1) Area / Topic

(2) Name

(3) First name

(4) E-mail

(5) Message

(6) Callback requested

(7) Telephone number for callback

In order to process the data, your consent is obtained during the submission process and reference is made to this data protection declaration.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transferred with the e-mail will be stored.

In this context, no data will be passed on to third parties. The data is used exclusively for the processing of the conversation.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

The legal basis for processing the data transferred when sending an e-mail is Art. 6 (1) lit. f GDPR. If the e-mail contact is intended for the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of the data processing

The processing of the personal data from the online form is solely for us to process the establishment of the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Data storage period

Data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the online contact form and the data sent by e-mail, this is the case when the corresponding conversation with the user has ended. The conversation is ended when the circumstances indicate that the issue in question has been conclusively clarified.

The additional personal data collected during the submission process is deleted after a period of seven days at the latest.

5. Possibility of objection and deletion

The user has the option to revoke his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

1. FC Union Berlin e.V.

An der Wuhlheide 263

12555 Berlin

Phone: (030) 65 66 88 - 100

Fax: (030) 65 66 88 - 99

E-mail: verein@fc-union-berlin.de

This can be done in writing by post or by e-mail.

All personal data stored in the course of establishing contact will be deleted in this case.

VII. Newsletter

a) Description and scope of data processing

On our internet site, you have the possibility of subscribing to a free newsletter. When registering for the newsletter, the data from the online registration form will be transferred to us. For the registration, we ask for an e-mail address.

In addition, the following data will be collected during registration:

(1) IP address of the accessing computer

(2) Date and time of registration

In order to process the data, your consent is obtained during the registration process and reference is made to this data protection declaration.

No data will be passed on to third parties in connection with the data processing required for sending newsletters. The data will be used exclusively for sending the newsletter.

6. Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

7. Purpose of data processing

The user's e-mail address is collected in order to deliver the newsletter.

In the newsletter you will receive current information about the club as well as interesting offers from 1. FC Union Berlin e. V. and its cooperation partners. This may include offers from the Pay TV platform of our cooperation partner Sky, as well as offers on sports articles and the like from our partner Adidas.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

8. Data storage period

Data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address is therefore stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is usually deleted after a period of seven days.

9. Possibility of objection and deletion

The subscription to the newsletter can be cancelled by the user concerned at any time. There is a link to this effect in every newsletter.

You can also unsubscribe from the newsletter using the unsubscribe function on the homepage of Union Berlin at www.fc-union-berlin.de.

This also enables the revocation of consent to the storage of personal data collected during the registration process.

VIII. Disclosure of personal data to third parties

1. For the fulfilment of the contract

a) Logistics and shipping companies

Within the framework of the fulfilment of the contract, your personal data will be forwarded to logistics and shipping companies.

aa) Legal basis for the processing of personal data

The legal basis for the processing or forwarding of personal data to logistics and shipping companies is Art. 6 para. 1 lit. b GDPR.

bb) Purpose for the processing or forwarding of personal data

The purpose of the processing or forwarding of your personal data is the fulfilment of the contractual obligation, in particular the delivery of the service of the contract.

b) Credit institutions, payment service providers and billing companies (e.g. PayPal, credit card companies, collection service providers)

aa) Legal basis for the processing of personal data

The legal basis for the processing or forwarding of personal data to logistics and shipping companies is Art. 6 para. 1 lit. b GDPR, and for the enforcement of due receivables, Art. 6 para. 1 lit. f GDPR.

bb) Purpose for the processing or forwarding of personal data

The purpose of the processing and forwarding is the billing and collection of contractual receivables and invoices for the fulfilment of contractual relationships

c) Data storage period for a) and b)

As a rule, the collected data is deleted as soon as it is no longer required. Deletion therefore takes place at the latest when the relevant statutory retention periods expire. These are usually between 3 and 10 years.

d) Possibility of objection and deletion

As a user, you have the option to revoke the processing at any time. You can also have the data stored about you amended at any time.

If the data is required to fulfil a contract or to carry out pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

2. Google Analytics

a) Scope of the processing of personal data

This website uses Google Analytics a web analytics service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Analytics uses cookies that are stored on your computer and allow an analysis of your use of this website. This involves cookies from Google itself and so-called third-party cookies. The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. For data protection compliant processing, we use the code "gat. anonymizeIp();" to ensure anonymised collection of IP addresses (so-called IP masking).

b) Legal basis for the processing of personal data

The legal basis for the processing of personal data for the use of Google Analytics is Art. 6 para. 1 lit. f GDPR.

The legal basis for the processing of data in the event of the user's consent is Art. 6 para. 1 lit. a GDPR.

c) Purpose of data processing

This website uses Google Analytics to enable an analysis of usage. The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes are also our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f GDPR. By anonymising the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.

d) Data storage period

As a rule, the collected data is deleted as soon as it is no longer required. Deletion therefore takes place at the latest upon expiry of the relevant statutory retention periods. These are usually between 3 and 10 years.

e) Possibility of objection and deletion

The personal data of the data subject will be deleted or made unavailable as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the data controller is subject. The data will also be made unavailable or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

3. Google Dynamic Remarketing

We use "Google Dynamic Remarketing" on our website, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Dynamic Remarketing enables us to show you our advertisements when you continue to use the internet after visiting our website. This is done by means of cookies stored in your browser, which are used by Google to record and evaluate your usage behaviour when visiting various websites. In this way, Google can determine your previous visit to our website. According to Google, the data collected in the course of remarketing is not merged with your personal data, which may be stored by Google. In particular, according to Google, pseudonymisation is used in remarketing.

We use Google Dynamic Remarketing for marketing and optimisation purposes, in particular to serve relevant and interesting ads to you, to improve campaign performance reports and to achieve a fair calculation of advertising costs. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functionality of our website to its fullest extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain "www.googleadservices.com" (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate interest-based ads via the link https://optout.aboutads.info/?c=2&lang=EN. Please note that this setting will also be deleted when you delete your cookies.

Information from the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland

Further information on data use by Google, on settings and objection options, and on data protection can be found on the following Google web pages:

Data protection declaration: https://policies.google.com/privacy?hl=de&gl=de
Google website statistics: https://services.google.com/sitestats/de.html

4. Google Publisher Tags

We use "Google Publisher Tags" on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google stores and processes information about your user behaviour on our website. For this purpose, Google uses, among other things, cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device and that enable an analysis of your use of our website.

We use Google Publisher Tags for marketing and optimisation purposes, in particular to analyse the use of our website and to continuously improve individual functions and offers, as well as the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

Please note that this setting will be deleted when you delete your cookies. You can object to the collection and forwarding of personal data or prevent the processing of this data by deactivating the execution of Java Script in your browser. In addition, you can prevent the execution of Java-Script code altogether by installing a Java-Script blocker (e.g. https://noscript.net/ or https://www.ghostery.com). Please note that in this case you may not be able to use all the functionality of our website to its fullest extent.

Information from the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland

Further information from the third-party provider on data protection can be found on the following website: https://policies.google.com/privacy?hl=de&gl=de

5. Twitter Ads

We use "Twitter Ads" on our website, a service of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (hereinafter referred to as: "Twitter"). Twitter Ads stores and processes information about your user behaviour on our website. For this purpose, Twitter Ads uses, among other things, cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device and that enable an analysis of your use of our website.

We use Twitter Ads for marketing and optimisation purposes, in particular to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

Information from the third-party provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. Further information from the third-party provider on data protection can be found on the following website: https://twitter.com/de/privacy

6. Google Tag Manager

Information from the third-party provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. You can find more information about the data protection of the third-party provider on the following website: https://twitter.com/de/privacy

IX. Third-party presences (Google Maps, YouTube etc.)

1. Facebook-Plugins (Like-Button)

Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognise the Facebook plugins by the Facebook logo or the "Like" button on our site. You can find an overview of the Facebook plugins here:

https://developers.facebook.com/docs/plugins.

When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can link the content of our pages on your Facebook profile. This allows Facebook to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transferred data or its use by Facebook. For more information, please see Facebook's privacy policy at https://de-de.facebook.com/policy.php. If you do not wish Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

2. Twitter

Functions of the Twitter service are integrated on our pages. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is also transferred to Twitter. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transferred data or its use by Twitter. You can find more information on this in Twitter's privacy policy at https://twitter.com/privacy.

You can change your privacy settings on Twitter in the account settings at:

https://twitter.com/account/settings

3. Instagram

Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transferred data or its use by Instagram. You can find more information on this in Instagram's privacy policy:

https://instagram.com/about/legal/privacy/.

X. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights with regard to the data controller:

1. Right of access

You may request confirmation from the data controller as to whether personal data relating to you is being processed by us.

If such processing takes place, you can request information from the data controller about the following:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data which are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned storage period for the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectify or erase personal data concerning you, a right to have processing restricted by the data controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the origin of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 paras. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.

2. Right of rectification

You have a right of rectification and/or completion with regard to the data controller if the processed personal data concerning you is inaccurate or incomplete. The data controller will make the rectification without undue delay.

3. Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

(1) if you contest the accuracy of the personal data concerning you over a period of time that enables the data controller to verify the accuracy of the personal data;

(2) if the processing is unlawful and you object to the erasure of the personal data and instead request the restriction of the use of the personal data;

(3) if the data controller no longer needs the personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims, or

(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the data controller outweigh your grounds.

Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of its storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

4. Right of erasure

a) Obligation to erase

You may request the data controller to erase the personal data concerning you without delay and the data controller is obliged to erase this data without delay if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 a or Art. 9 para. 2 a GDPR and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.

(4) The personal data concerning you has been processed unlawfully.

(5) The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the data controller is subject.

(6) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

b) Information to third parties

If the data controller has made personal data concerning you public and he is obliged to erase it pursuant to Art. 17 para. 1 GDPR, he will take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers who process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.

c) Exceptions

The right of erasure does not exist insofar as the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the data controller is subject or for the fulfilment of a task carried out in the public interest or in the exercise of official authority vested in the data controller;

(3) for reasons of public interest in the area of public health pursuant to Art. 9 paras. 2 h and i and Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 para. 1 GDPR, where the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or

(5) for the establishment, exercise or defence of legal claims.

5. Right to be informed

If you have asserted the right to rectification, erasure or restriction of processing against the data controller, the data controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed of these recipients by the data controller.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another data controller without hindrance from the data controller to whom the personal data has been provided, provided that

(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

(2) the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one data controller to another, insofar as this is technically feasible. This must not affect the freedoms and rights of other people.

The right to data portability will not apply to processing of personal data necessary for the fulfilment of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

7. Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 e or f GDPR; this also applies to profiling based on these provisions.

The data controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right of objection by means of automated procedures based on technical specifications.

8. Right to retract your declaration of consent under data protection law

You have the right to retract your declaration of consent under data protection law at any time. This revocation of consent does not affect the lawfulness of the processing carried out on the basis of your consent until the revocation.

9. Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or fulfilment of a contract between you and the data controller,

(2) is authorised by legislation of the Union or the Member States to which the data controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or

(3) occurs with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the data controller will take reasonable steps to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the data controller, to express your own point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

The competent supervisory authority for us is:

Berlin Commissioner for Data Protection and Freedom of Information

Maja Smoltczyk

An der Urania 4-10

10787 Berlin

Phone: (030) 138 89-0

Fax: (030) 215 50 50

E-mail: mailbox@datenschutz-berlin.de