Privacy Policy

A. Privacy declaration for Sandbox Interactive GmbH (albiononline.com)

The information in this declaration applies to the processing of personal data on or via our website and is intended in particular to inform you of the scope of processing, the purposes of processing, the recipients, legal bases, storage periods and your rights. Personal data are all information relating to an identified or identifiable natural person, i.e. a person (hereinafter also referred to as "data subject"), including for example your name, your address or your e-mail address. Processing" of personal data means in particular the collection, storage, use and transmission of such data.

I. Name and Address of the data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Sandbox Interactive GmbH
Pappelallee 78
10437 Berlin
Germany
E-Mail: info@sandbox-interactive.com
Website: albiononline.com

II. Contact data of the data protection officer

The data protection officer can be consulted under the following contact details:

Sandbox Interactive GmbH
Data Protection Officer –
Pappelallee 78
10437 Berlin

Germany
E-Mail: privacy@sandbox-interactive.com
Website: albiononline.com

III. General information data processing

1. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, legal basis is Art. 6 para. 1 lit. a GDPR.

Insofar as the processing of personal data is required for the performance of a contract to which the data subject is a party, legal basis is Art. 6 para. 1 lit. b GDPR. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, legal basis is Art. 6 para. 1 lit. c GDPR.

If processing of data is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, legal basis is Art. 6 para. 1 lit. f GDPR.

2. Data deletion and storage time

The personal data of the data subject will be deleted or processing restricted as soon as the purpose of storage ceases to apply. In certain cases, data can be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject.

IV. Provision of the website and creation of log files

1. Description and extent of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the accessing device (computer, smartphone, tablet, etc.).

The following data is collected:

  • Information about the browser type and version used

  • The operating system of the accessing device

  • The IP address of the accessing device

  • Date and time of access

  • Websites from which the system of the accessing device reaches our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

Legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's device. For this the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website.

In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing also lies in these purposes.

4. Storage time

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this will happen after seven days at the latest. Further storage is possible. In this case, however, the IP addresses of the users are deleted or made anonymous, so that an identification of the accessing client is no longer possible.

5. Recipient of the data and transfer to a third country

As part of the provision of our Internet presence, we forward the aforementioned personal data to International Business Machines Corp. (IBM), 1 New Orchard Rd, Armonk, New York 10504, USA, which takes over hosting as processor with the Softlayer service (cf. Art. 28 GDPR). Your personal data will be processed by IBM in the USA on our behalf in the scope of hosting.

A transfer to IBM Corp. in the USA as a third country within the meaning of the GDPR is permissible according to Art. 44, 45 GDPR, since an appropriate level of data protection is given for the USA in relation to this company.

On the basis of Art 25 para. 6 EU-Personal data directive (1995), the EU Commission has issued an adequacy decision in the form of the so-called EU-US Privacy Shield. The EU-US Privacy Shield is an intergovernmental agreement between the United States and the European Union. This agreement regulates the protection of personal data transferred from a member state of the European Union to the USA. A self-certification procedure by the companies under the supervision of the US authorities ensures that only companies that respect data protection equivalent to that of the EU process personal data from the EU in the USA. IBM Corp. is certified according to the requirements of the EU-US Privacy Shield. This ensures an adequate level of protection for the designated recipients despite the lack of an adequacy resolution by the EU Commission within the meaning of Art. 45 GDPR.

V. Usage of Cookies

1. Description and extent of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again.

The following data is stored and transmitted in the cookies:

  • Language settings

  • Log-in information

  • Anonymized User IDUser ID

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para 1 lit. f GDPR.

3. Purpose of data processing

The purpose of using cookies is to simplify the use of our website for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a change of pages within our internet presence. The cookies are not used to create user profiles.

We need cookies for the following applications:

  • Possibility of accepting language settings

  • Technical implementation of the log-in function

  • Anonymized usage analysis using anonymized user ID

The anonymous user ID is used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer.

In these purposes is also our legitimate interest in the processing of personal data.

4. Storage time

Cookies are stored on your device with which you access our website and are transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website.

VI. Newsletter

1. Description and extent of data processing

If you register on our website for Albion Online and provide us with your e-mail address, we may subsequently use this for sending you a newsletter in which we inform you at regular intervals about news in connection with Albion Online (e.g. about patches, updates, community events, special promotions etc.). The data from the input mask is transferred to us during registration:

  • E-mail address

In addition, the following data is collected upon registration:

  • IP address of the accessing device

  • The date and time of registration

2. Legal basis for data processing

The legal basis for sending the newsletter and the related processing of the e-mail address is Article 7 para. 3 UWG and/or Art. 13 para. 2 of the EU Privacy Directive (2002/58/EC)

The legal basis for the collection of further personal data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

In this regard, the collection of the user's e-mail address serves to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. This also constitutes our legitimate interest in the processing.

4. Storage time

The data will be deleted as soon as the purpose of its collection is no longer given. The user's e-mail address will therefore be stored until the user objects to receiving the newsletter. If we need the user's e-mail address for further purposes (see further details in this data privacy declaration), the deletion will be replaced by the corresponding restriction on processing, i.e. we will no longer use the e-mail address for sending the newsletter.

The other personal data collected during the registration process will generally be deleted after a period of seven days.

5. Possibility of opposition and elimination

The affected user can object to the dispatch of the newsletter at any time. For this purpose there is a corresponding link in every newsletter. Furthermore, the user can unsubscribe from the newsletter in his account settings. For the contradiction no other costs arise than the transmission costs according to the basic rates.

6. Recipients of the data and transfer to a third country

As part of sending the newsletter, we will forward your e-mail address to The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (provider of the newsletter distribution platform "MailChimp") or SendGrid Inc. 1801 California Street, Denver, CO 8020, USA. The Rocket Science Group, LLC and SendGrid Inc. are newsletter management service providers who take over the dispatch of our newsletter for us as contract processors (cf. Art. 28 GDPR). Your personal data will be processed by these companies in the USA on our behalf within the scope of the newsletter dispatch.

Transmission to The Rocket Science Group, LLC and SendGrid Inc. in the USA is permitted. The Rocket Science Group, LLC and SendGrid Inc. have each been certified according to the requirements of the EU-US Privacy Shield. Details on the Privacy Shield can be found in Section IV No. 5 of this data privacy declaration.

VII. User requests by contact form, E-Mail and Facebook

1. Description and extent of data processing

There is a contact form on our website which can be used for making contact. If a user uses this option, the data entered in the input mask is transmitted and saved including the time of the request. In addition, the IP address of the used device is stored.

It is also possible to contact us via the e-mail address provided on our website. In this case, the user's personal data transmitted via e-mail will be stored.

In addition, contact via Facebook is possible. You can write us a message from your Facebook profile. The name of your Facebook profile and, if applicable, your clear name will be transferred to us.

2. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR and, insofar as the personal data are processed for the execution of a contract, Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

Purpose of data processing is the handling of requests, in particular support requests for technical problems with the game and the handling of other questions. The processing of personal data serves us solely to handle the contact approach. This is also our legitimate interest in the processing of the data.

4. Storage time

The data will be deleted as soon as the purpose of its collection is no longer given. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is finished when the circumstances indicate that the matter in question has been solved.

If data is collected in the course of e-mail communication which we are obliged to store due to tax, commercial law or other regulations, it will not be deleted until the respective legal retention or storage periods have expired. The legal basis for this data storage is Art. 6 para. 1 lit. c GDPR.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Recipient of the data and transfer to a third country

Within the scope of user inquiries, we forward the aforementioned data to the service provider Zendesk Inc. 1019 Market St, San Francisco, CA 94103, USA, which takes over the organisational handling of user inquiries including a so-called ticket system as a processor (cf. Art. 28 GDPR). Your personal data will be processed by Zendesk in the USA on our behalf in the course of processing user inquiries. The content of the enquiries will be processed by us.

A transfer to Zendesk Inc. in the USA is permitted. Zendesk Inc. is certified according to the requirements of the EU-US Privacy Shield. Details on the Privacy Shield can be found in Section IV No. 5 of this data protection declaration.

VIII. Registration

1. Description and extent of data processing

On our website, we offer users the opportunity to register for the Albion Online game by providing personal data. The data is entered into an input mask and transmitted to us and saved. The data will not be passed on to third parties. The following data is collected during the registration process:

  • E-mail address

  • Password

At the time of registration, the following data is also stored:

  • The IP address of the user

  • The date and time of registration

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

A registration of the user is necessary for the fulfilment of the contract with the user and/or for the execution of pre-contractual measures.

The user and Sandbox Interactive GmbH conclude a contract for the use of the game Albion Online (more details in the terms of use of Sandbox Interactive GmbH). The personal data provided are used to identify the user by creating a user account. The creation of the user account enables the user to participate in the online game Albion Online and to create, manage and use his own characters in the context of the game.

4. Storage time

The data will be deleted as soon as the purpose of its collection is no longer given. For the data collected during the registration process, this is usually the case when the user contract is terminated and the user's account is deleted.

If data is collected in the course of the registration which we are obliged to store due to tax, commercial law or other regulations, it will not be deleted until the respective legal retention or storage periods have expired. The legal basis for this data storage is Art. 6 para. 1 lit. c GDPR.

5. Possibility of opposition and elimination

As a user you have the possibility to cancel the registration at any time. Write us a message at the following address:

E-mail: support@albiononline.com

Web: https://albiononline.com/en/profile/support

If the data is required to fulfil a contract or to carry out pre-contractual measures or if there are legal storage obligations, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. If deletion is not possible, processing may be restricted.

6. Recipient of the data and transfer to a third country

As part of the registration process, we transfer the above personal data to International Business Machines Corp. (IBM), 1 New Orchard Rd, Armonk, New York 10504, USA, which is responsible for hosting as a processor (cf. Art. 28 GDPR) with the Softlayer service. Your personal data will be processed by IBM in the USA on our behalf in the course of hosting.

A transfer to IBM Corp. in the USA is permissible, as an appropriate level of data protection is provided for this company in the USA. IBM Corp. is certified according to the requirements of the EU-US Privacy Shield. Details on Privacy Shield can be found in Section IV No. 5 of this data protection declaration.

IX. Gaming operation

1. Description and extent of data processing

As part of the provision of the game Albion Online, we store and process the datasets necessary for the operation of the game and website. For this purpose, we also store data in logs when using the game. Logs are protocols of certain technical contents.

In-game-storage and processing includes the following data:

  • Time of the log-ins

  • IP address

  • Information about actions in the game

  • Progress of the game

  • News

  • User messages/chat protocols

  • Information on operating systems and hardware used

2. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR and, insofar as the personal data are processed for the execution of a contract, Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

The purpose of data processing is the technical implementation and the provision and operation of the game. The specific purpose of saving the logs is a technical improvement of the game Albion Online (quality assurance). To prevent program crashes and other malfunctions (in the future) it is necessary to record and analyze them. In case of a crash of Albion Online or a problem in the game process, an error analysis can be performed by reading the logs in connection with your IP and ID and information about the device used. The chat logs are stored in order to be able to trace the respective chats in case of complaints, e.g. because of insults.

These purposes also constitute our legitimate interest in the processing of personal data.

4. Storage time

The data will be deleted as soon as the purpose of its collection is no longer given. This is the case as soon as the data is no longer required for the use and provision of the game, for example if you have deleted your account and there are no further reasons for storing the data. The log data is kept as long as it is required for the purpose of analysis and diagnosis of the cause of the crash or malfunctions. As a rule, the data is deleted immediately after the facts have been clarified, but at the latest after 30 days. The chat logs are usually deleted after 30 days.

If certain data is collected in the course of gaming operations which we are obliged to store due to tax, commercial law or other regulations, it will not be deleted until the respective legal retention or storage periods have expired. The legal basis for this data storage is Art. 6 para. 1 lit. c GDPR.

5. Recipients of the data and transfer to a third country

As part of our gaming operations, we share your information with various companies in Canada and the USA.

We forward the log data to OHV Canada, 50 Rue de l'Aluminerie, Beauharnois, QC J6N 0C2, Canada, that stores the logs for quality assurance as a processor (cf. Art. 28 GDPR). Your personal data will be processed by these companies in Canada on our behalf for quality assurance purposes.

A transfer to OHV to Canada as a third country within the meaning of the GDPR is permissible according to Art. 44, 45 GDPR, as an adequate level of data protection is given for Canada in relation to this company.

On the basis of Art. 25 para. 6 EU-data privacy directive(1995), the EU Commission has issued an adequacy decision (2002/2/EC) for Canada, i.e. there is an intergovernmental agreement between Canada and the European Union. This agreement regulates the protection of personal data transferred to Canada from a member state of the European Union. Accordingly, private companies subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) are required to provide adequate data protection. This ensures an adequate level of protection for the processor OHV despite the lack of an adequacy decision by the EU Commission within the meaning of Art. 45 GDPR.

We will forward your data to Backblaze Inc, 500 Ben Franklin Ct San Mateo, CA 94401, USA, which takes over backup services for the log data as a processor (cf. Art. 28 GDPR) within the scope of quality assurance. Your personal data will be processed by this company in the USA on our behalf for quality assurance purposes.

We will also forward your data to Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043 USA, which handles quality assurance as a contract processor using the Crashlytics tool (cf. Art. 28 GDPR). Your personal data will be processed by this company in the USA on our behalf for quality assurance purposes.

As part of our gaming operations, we transfer the aforementioned personal data to International Business Machines Corp. (IBM), 1 New Orchard Rd, Armonk, New York 10504, USA, which takes over hosting as contract processor with the Softlayer service (cf. Art. 28 GDPR). Your personal data will be processed by IBM in the USA on our behalf in the context of hosting.

A transmission to Backblaze Inc., Google Inc. and IBM Corp. is permitted. The companies have been certified according to the requirements of the EU-US Privacy Shield. Details on Privacy Shield can be found in Section IV No. 5 of this data privacy declaration.

X. Payment and verification of payment

1. Description and extent of data processing

When paying for digital goods in our shop, it is important to us to monitor the security of payment transactions and the legitimacy of the payment and thus also to protect your payment data from potential misuse. As part of the payment process in the shop, the following data, among others, are processed by us:

  • IP

  • E-mail address

  • Language in which the shop is used

  • Account ID

  • Order information

The payment data (account number, credit card number, etc.) are expressly not collected by us, but by the corresponding payment service providers. For the processing of the payment we primarily work with the European service provider Adyen BV.

2. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR and, insofar as the personal data are processed for the execution of a contract, Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

Purpose of data processing is to manage the payment transaction and to verify its legality, in particular to prevent fraud and to settle any disputes on payment. This is also our legitimate interest in the processing.

4. Storage time

The data will be deleted as soon as the purpose of its collection is no longer given. This is the case as soon as the check for the corresponding payment transaction has been completed and it has been ensured that the corresponding payment was made legally.

If data is collected in the course of payment operations which we are obliged to store due to tax, commercial law or other regulations, it will not be deleted until the respective legal retention or storage periods have expired. The legal basis for this data storage is Art. 6 para. 1 lit. c GDPR.

5. Recipients of the data (and transfer to a third country)

As part of the payment, we will forward the data specified under point X. No. 1. to the service provider Adyen BV, Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands. Adyen then collects the data relevant for the payment as contract processor (cf. Art. 28 GDPR) for us and processes the payment. Adyen only stores your payment data in Europe.

As part of the payment via PayPal, Adyen will forward the information described in section X. No. 1. to the payment service provider PayPal Inc. so that PayPal Inc. can execute your payment. The further payment, in particular the collection of payment data, will then be made via PayPal Inc via your PayPal account. This is governed by the privacy policy of PayPal Inc.

As part of the payment, we shall also forward the information specified under point X. No. 1. to the service provider iovation Inc, 555 SW Oak Street, #300, Portland, OR 97204, USA, who takes over the security and monitoring of payment transactions as contract processor (see Art. 28 GDPR). Iovation is a service provider for monitoring and checking payment transactions. Your personal data will be processed by these companies in the USA on our behalf as part of the payment process.

A transfer to Iovation Inc. in the USA is permitted. Iovation Inc. is certified according to the requirements of the EU-US Privacy Shield. Details on the Privacy Shield can be found in Section IV No. 5 of this data protection declaration.

XI. Facebook

1. Description and extent of data processing

Our website uses the Custom Audiences service of the social network facebook.com, which is operated by Facebook Inc. This service is used to present interest-based advertisements ("Facebook ads") to visitors of our website as part of their visit to the social network Facebook. For this purpose, the remarketing function of Facebook has been implemented on this website (so-called Facebook pixels). This provides a direct connection to the Facebook servers when you visit our website. The information that you have visited this website is transmitted to the Facebook server and Facebook assigns this information to your personal Facebook account if you have one. The default setting is that "advanced matching feature" is not used. This means that we do not submit any email addresses or names of our users to Facebook.

For more information about Facebook's collection and use of the data and your rights and choices about protecting your privacy, please see Facebook's privacy policy at https://www.facebook.com/about/privacy/.

2. Legal basis for data processing

The legal basis for the processing and forwarding of data to Facebook is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

Purpose of data processing is advertising. This is also our legitimate interest.

4. Storage time, Possibility of opposition and elimination

You can prevent the Facebook pixel function and the associated transmission of your data to Facebook by clicking on the "Opt-Out" logout link displayed. Then the Facebook pixel is deactivated and no (more) data is exchanged with Facebook in this way.

Please note that deactivation only applies to the device and browser in which you activated the link. If you open our site from a different device or browser, you must click the unsubscribe link again.

5. Recipient of the data and transfer to a third country

When using the Facebook pixel, data is forwarded to Facebook Inc, 1601 Willow Road Menlo Park, CA 94025 USA. Your data will be processed by these companies in the USA as part of their use of the Facebook pixel.

A transmission to Facebook Inc. in the USA is permitted. Facebook Inc. is certified according to the requirements of the EU-US Privacy Shield. Details on the Privacy Shield can be found in Section IV No. 5 of this data protection declaration.

XII. Webanalysis with Google Analytics

1. Description and extent of data processing

Our website uses Google Universal Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Universal Analytics uses "cookies", which are text files placed on users' computers, to help the website analyze how users use the site. The information generated by the cookie about the use of the website by users is generally transferred to a Google server in the USA and stored there. IP anonymization has been activated on this website so that the IP addresses of users of Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area are previously shortened. In some cases, the full IP address is transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate the use of the website by the users, to compile reports on the website activities and to provide the website operator with further services associated with the use of the website and the Internet. The IP address transmitted by your browser in the context of Google Universal Analytics is not merged with other Google data.

2. Legal basis for data processing

The legal basis for processing users' personal data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The processing of user data by Google Analytics enables us to analyze the surfing behavior of our users. We are able to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. In these purposes also lies our legitimate interest in the processing of the data. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.

4. Storage time

Cookies are stored on the user's device and transmitted to our site from there. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website.

You can object to the collection of data described above at any time with effect for the future by using the deactivation add-on for browsers from Google Analytics at http://tools.google.com/dlpage/gaoptout?hl=en.

There won't be data transferred to Google Universal Analytics anymore.

You can also prevent data collection by Google Universal Analytics by clicking on this link. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on terms of use and data protection can be found at:

https://www.google.com/analytics/terms/us.html

https://www.google.com/intl/en/analytics/privacyoverview.html

https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=2790009

5. Recipient of the data and transfer to a third country

The recipient of the data is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043 USA. For the cases in which personal data is transferred to the USA, a transfer to Google Inc. in the USA is permitted. The company has been certified according to the requirements of the EU-US Privacy Shield. Details on the Privacy Shield can be found in Section IV No. 5 of this data protection declaration.

XIII. Other recipients of personal data (EU only)

For the provision of our website and the offered contact possibilities, we make use of other service providers, including host providers and e-mail providers, each based in the European Union, who process the data stored by them exclusively on our behalf as processors according to Art. 28 GDPR.

XIV. Rights of the data subject

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller (in the case of the fulfilment of further conditions regulated in the relevant regulations, if applicable):

  • The right of access according to Art. 15 GDPR

  • The right to rectification according to Art. 16 GDPR

  • The right to erasure ("right to be forgotten") according to Art. 17 GDPR

  • The right to restriction of processing according to Art. 18 GDPR

  • The right to a notification according to Art. 19 GDPR

  • The right to data portability according to Art. 20 GDPR

  • The right to object according to Art. 21 GDPR

  • The right not to be subject to a decision based solely on automated processing according to Art. 22 GDPR

  • The right to withdraw consent to the processing of personal data according to Art. 7 para. 3 GDPR

To assert these rights, please contact our data protection officer.

Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you infringes the GDPR.