Privacy Notice

When you visit our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

• IP address
• Directory protection userDate and time
• Date and time
• Time of day
• Pages accessed
• logs
• status code
• Data volume
• Referrer
• user agent
• Called host name

We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you. The log files are processed for the purpose of evaluating system security and stability as well as for administrative purposes.  The log files serve to evaluate system security and stability as well as administrative purposes. The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. The IP addresses are stored in anonymised form. The anonymised IP addresses are stored for 60 days. Details of the directory protection user used are anonymised after one day.

Error logs, which record incorrect page views, are deleted after seven days. In addition to the error messages, these include the accessing IP address and, depending on the error, the website accessed.

Access via FTP is logged with anonymised details of the user name and IP address and stored for 60 days.

Cookies

Our website uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behaviour or display advertising.

The processing of data using strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the technically error-free delivery of our services. For details on the processing purposes and legitimate interests, please refer to the following explanations on the specific data processing.

The processing of personal data using other cookies is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future. Insofar as such cookies are used for analysis and optimisation purposes, we will inform you separately about this in this privacy notice and obtain your consent in accordance with Art. 6 para. 1 lit. a GDPR.

 You can set your browser to   

• be informed about the setting of cookies,
• only allow cookies in individual cases,
• exclude the acceptance of cookies for certain cases or generally,
• activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

• Google Chrome
• Mozilla Firefox
• Edge (Microsoft)
• Safari
• Opera

You can also manage cookies of many companies and functions used for advertising individually. To do so, use the appropriate user tools, available at https://www.aboutads.info/choices/ or  http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called "do-not-track function". When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be "tracked" for behavioural advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

• Google Chrome
• Mozilla Firefox 
• Edge (Microsoft) 
• Safari
• Opera

Additionally, you can prevent the loading of so-called scripts by default. "NoScript" allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/en-US/firefox/addon/noscript/).

Please note that if you disable cookies, the functionality of our website may be limited.

Change cookie settings

You can withdraw or change your cookie settings at any time. To do this, call up the cookie settings in the footer again.

Processing in the context of membership

As part of your membership or application for such membership, we process the personal data you provide for the purpose of contract processing. We process the following personal data as part of your membership:

• first name, surname and title
• e-mail address
• address
• date and time of registration

The legal basis for the collection and processing of data in the context of membership and events is Art. 6 para. 1 lit. b GDPR. In addition, freely given information can be provided (e.g. telephone number, etc.).  The legal basis for the processing of freely given information is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The erasure of this data takes place after expiry of the applicable statutory retention obligations. If we are not subject to any statutory retention obligations, the data will be erased when the purpose no longer applies.

Contact by e-mail

If you send us requests by e-mail, your details from the e-mail, including the contact details you provided there, will be stored by us for the purpose of processing the request and in the event of follow-up questions. We will never pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your enquiry in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your enquiry is aimed at concluding a contract. Your data will be deleted after final processing of your enquiry, provided that there are no statutory retention obligations to the contrary. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time.

We use the "Microsoft Teams" tool to hold online events and webinars (hereinafter: "online meetings"). "Microsoft Teams" is a service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: "Microsoft").

The Controller for data processing directly related to the organisation of "online meetings" is the entity named at the beginning of this privacy notice.

If you access the "Microsoft Teams" website, the provider of "Microsoft Teams" is the Controller for data processing. However, accessing the website is only necessary for the use of "Microsoft Teams" in order to download the software for the use of "Microsoft Teams".

If you do not want to or cannot use the "Microsoft Teams" app, you can also use "Microsoft Teams" via your browser. The service is then also provided via the "Microsoft Teams" website.

When using "Microsoft Teams", various types of data are processed. The scope of the data also depends on the data you provide before or when participating in an "online meeting".

The following personal data is subject to processing:

• User details: e.g. display name, email address if applicable, profile picture.
• Meeting metadata: e.g. date, time, telephone numbers, location, topic, description (optional), participant IP addresses, device/hardware information.
• When dialling in by phone: information on the incoming and outgoing phone number, country name, start and end time. Additional connection data, such as the IP address of the device, may also be stored.
• Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Microsoft Teams" applications.
• For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

We use "Microsoft Teams" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - obtain your consent.

The same applies if the transcription function is activated. If we activate this function - given you have given your consent - the language of the participants will be recognised on an ongoing basis. Microsoft Teams then automatically transcribes this and creates a corresponding log file. In addition, we may create a log of chat messages for the purpose of recording the results of an online meeting. This also only takes place with your consent.

The legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 p. 1 lit. b GDPR, insofar as the meetings are conducted within the framework of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Here, too, we have an interest in the effective organisation of online meetings. In addition, your personal data may be processed on the legal basis of your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR (e.g. when recording webinars).

Personal data that is processed in connection with participation in "online meetings" is in principle not passed on to third parties unless it is intended to be passed on. Please note that content from "online meetings", as with face-to-face meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. The provider of "Microsoft Teams" necessarily receives knowledge of the above-mentioned data insofar as this is provided for in our data processing agreement with "Microsoft Teams". We have concluded a data processing agreement with the service provider in which we oblige it to protect our customers' data and not to pass it on to third parties. Microsoft utilises international sub-processors and is affiliated with other companies in countries outside the EU.

As personal data is transferred to Microsoft Corporation, which is based in the USA, further protection mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).  Further information on Microsoft's data protection can be found at https://privacy.microsoft.com/de-de/privacystatement.

We would like to inform you in the following about the processing of personal data in connection with the use of our member network, which is provided by figawa Service GmbH on behalf of figawa.

figawa Service GmbH uses the tool tixxt to provide figawa members with an online communication platform. Tixxt is a service of mixxt GmbH, Adenauerallee 134, 53113 Bonn, Germany, phone: +49(0)228299799771, e-mail: hallo@mixxt.de, website: https://www.tixxt.com.

The Controller for the processing of personal data that is directly related to the use of the figawa network is the entity named at the beginning of this privacy notice.

Note: If you access the tixxt website (https://www.tixxt.com), the mixxt GmbH is Controller for data processing. Further information on data protection at tixxt can be found at https://www.tixxt.com/genesis/legal/privacy/.

Various types of data are processed when you use the figawa network. The scope of the data also depends on the data which you have freely given when using the network.

The following personal data is subject to processing:

• User details: name and address of the company, company website (optional), first and last name and business e-mail address of the user to be registered, profile picture (optional), telephone number (optional), position (optional), membership of technical regulation committees (optional), additional personal details (optional).
• Usage data: e.g. websites visited, interest in content, access times,
• Technical data: e.g. browser, IP addresses, operating system
• Text and image files: You have the option of posting content or links to external content. In this respect, the text entries you make or the image files you post are processed in order to display them in the figawa network and, if necessary, to log them.

The master data and profile details of users as well as their committee memberships are permanently stored in the network upon completion of the registration process and made accessible to other users. Upon termination of the usage arrangements, these are anonymised. The content posted by users in the network is stored there permanently and made accessible to other users of the figawa network.

The legal basis for data processing in the context of the use of the figawa network is the association membership, as a contractual relationship within the meaning of Art. 6 para. 1 p. 1 lit. b GDPR. If there is no contractual relationship, the legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. We have a legitimate interest in the effective preparation of the expert committee meetings that are important for our association's work. In addition, your personal data may also be processed on the legal basis of your consent given during the registration process for the figawa network in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.

In principle, personal data processed in connection with the use of the figawa network will not be passed on to third parties who do not have access to this network, unless they are intended to be passed on. Please note that the content you post on the network, similar to content exchanged in face-to-face or digital meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.

The provider of tixxt necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in our data processing agreement with figawa Service GmbH and the data processing agreement between figawa Service GmbH and mixxt GmbH, which corresponds in terms of content.

We have concluded a data processing agreement with figawa Service GmbH and all our service providers in which we oblige them to protect the data of our members and not to pass it on to third parties. This obligation also applies to mixxt GmbH, which is used on our instructions as a so-called sub-processor or sub-service provider. Neither figawa Service GmbH nor the mixxt GmbH commissioned by it use international sub-processors or are associated with other companies based in countries outside the EU.

External links

On our website social media (LinkedIn) is solely embedded as a link to the respective service. After clicking on the embedded text/image-link you will be directed to the website of the respective provider. User information will only be transferred after the redirection to the respective provider. Information regarding the use of your personal data through the use of the website can be found in the privacy policies of the visited websites.

Social Media

1. Introduction and general information on data processing

The protection of your personal data is very important to us. The following provides information on how we handle your data that is collected through your use of our social media presence on social networks and platforms. Your data will be processed in accordance with the legal regulations.

1.1. General information on the Controller

The Controller named at the beginning of this privacy notice (hereinafter referred to as "we/us") operates websites on social media.

We are joint controllers with LinkedIn for the processing of your personal data in connection with your visit to our presence or our "fan page" on the LinkedIn platform, insofar as they provide us with aggregated information about visitors to our fan page or our presence ("Insights").

Detailed information on the scope of joint controllership processing in relation to LinkedIn can be found in the following sections of this privacy notice.

1.1.1. Joint controllership

The operator of the LinkedIn platform is: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W Maude Ave Sunnyvale, CA, 94085-2810 USA.

We have concluded an agreement with the operator in accordance with Art. 26 GDPR on a joint controller for the processing of your personal data (Controller Addendum). This agreement specifies which data processings we or the respective operator are responsible for when you visit our fan page or our presence on the platform. You can view this agreement at the following link https://legal.linkedin.com/pages-joint-controller-addendum.

1.2. Data transfer and recipients, data transfer to third countries

Insofar as we pass on personal data to LinkedIn, they are "recipients" of the data within the meaning of Art. 4 No. 9 GDPR. Since personal data is transferred to countries outside the EU and the EEA (including the USA) when visiting and interacting with LinkedIn, further safeguards are required to ensure the level of data protection required by the GDPR.

According to the privacy notice (https://www.linkedin.com/help/linkedin/answer/a1343190?trk=microsites-frontend_legal_privacy-policy&lang=de), LinkedIn uses appropriate measures for third country transfers, including in particular standard data protection clauses, to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU.

1.3. Accessing and storing information in terminal equipment (cookies)

When you visit our LinkedIn page, one or more cookies are set on your terminal device by the provider LinkedIn. Cookies are small text files that are stored on your terminal device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or they are automatically deleted by your web browser. Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behaviour or to display advertising.

By interacting with our LinkedIn page, information (e.g. your IP address) may be accessed or information (e.g. cookies) may be stored in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR. The period of activity or validity of cookies can vary greatly, but you can delete them manually at any time using your web browser settings. If you have any technical questions, please contact the provider of your web browser. Further information on the use of cookies and their legal basis can be found in the privacy notice of the provider LinkedIn. The link to the privacy notice can be found above under "Data transfer and recipients". If you have any further questions, please contact the provider LinkedIn directly.

1.4. Data processing for market research and advertising purposes

Generally, personal data is processed on the company website for market research and advertising purposes of the provider of the social media platform. For this purpose, a cookie is set in your browser that enables LinkedIn to recognise your browser when you visit a website. LinkedIn also analyses your interactions on the social media platform extensively. The data collected can be used to create user profiles. These are used to place adverts inside and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the user profiles independently of the devices you use. This is regularly the case if you are a member of the LinkedIn platform and are logged in to it. Further information on this can be found in LinkedIn's privacy notice.

When you visit or interact with our social media presence, we may receive personal data from you, which, unlike in the cases mentioned in section 2 of this privacy notice, we also process on our own responsibility in addition to the provider. This may be information that you actively provide (comments, likes and information that you make publicly available, such as your profile picture or name).

The provider LinkedIn provides us with information about which LinkedIn users have visited our LinkedIn page. This information is made permanently available to us by LinkedIn without any time limit.

Our access to the aforementioned data results from the operation of our social media presence; no further processing of this data by us takes place except in the cases mentioned in this privacy notice. We have a legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f GDPR in the operation of our social media presence and the associated processing of personal data that you actively publish or make available to us. Our legitimate interest lies in the advertising approach and in providing an effective means of communication and interaction with our company.

1.5. Data processing when contacting

We collect personal data ourselves when you contact us, for example via a contact form or a messenger service. Which data is collected depends on the information you provide and the contact details you provide or share. This data is stored by us for the purpose of processing your enquiry and in the event of follow-up questions. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. We assume that processing is complete if it can be inferred from the circumstances that the matter in question has been conclusively clarified.

1.6. Data processing for contract execution

If your contact is aimed at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the fulfilment of the contract or for the implementation of pre-contractual measures or for the provision of the desired services. The legal basis for the processing of your data in this case is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if it is no longer required to fulfil the contract or if it is clear that the pre-contractual measures will not lead to the conclusion of a contract for the purpose for which you contacted us. Please note, however, that it may be necessary to store personal data of our contractual partners even after conclusion of the contract in order to fulfil contractual or legal obligations.

1.7. Data processing based on consent

If you are asked by LinkedIn for consent to processing for a specific purpose, the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR. Any consent given can be withdrawn at any time with effect for the future.

2. LinkedIn presence

2.1. Data processing with regard to "Page Insights" when visiting our LinkedIn presence

When you visit our LinkedIn presence, your personal data will be processed by LinkedIn as the operator of the platform and by us as the operator of our presence within the platform. Insofar as this data processing takes place in connection with the Insights functionality of LinkedIn (LinkedIn Ireland Unlimited Company. or LinkedIn Corporation.), we are joint controllers with LinkedIn (Art. 26 para. 1 GDPR).

LinkedIn Page Insights (https://legal.linkedin.com/pages-joint-controller-addendum) is a function provided by LinkedIn that allows the operator of a LinkedIn site (us) to receive summarised data about the interaction of visitors.

As part of the Page Insights function, LinkedIn analyses your interaction with our LinkedIn presence and also uses the personal information you have provided (professional activity, industry, country, etc.). The analysed data is made available to us by LinkedIn, but only in aggregated form (i.e. LinkedIn does not provide us with specific information on individual users as part of this function, but only summarised information). We use this aggregated data to present our LinkedIn presence in a target group-specific manner and generally to optimise it for the above-mentioned advertising purposes.

We have a legitimate interest in these advertising purposes; the processing of your data is carried out on the basis of Art. 6 para. 1 lit. f GDPR.

You can find information on the purposes that LinkedIn pursues with the processing of your personal data and on the legal basis of this data processing in LinkedIn's privacy notice.

Please note that we have no influence on the data collection and further processing within LinkedIn's Controller. As a result, we cannot provide any information about the scope, location and duration of data storage by LinkedIn. Furthermore, we cannot make any statements about the extent to which Instagram fulfils existing deletion obligations, which evaluations and links are made with the data by LinkedIn and to whom the data is passed on by LinkedIn.

2.2. Your rights as a data subject of the data processing

If, as a visitor to the site, you would like to exercise your rights (information, rectification, erasure, restriction, data portability, complaint to the supervisory authority, objection or withdrawal), you can contact both LinkedIn and us. You can (also) restrict the visibility of your LinkedIn account to us via the LinkedIn settings.

For more information on data processing by LinkedIn, please refer to LinkedIn's privacy notice: https://www.linkedin.com/legal/privacy-policy

2.3. Data Protection Officer of LinkedIn

To contact LinkedIn's Data Protection Officer, you can use the contact form at the link https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

Our website uses the online map service provider Google Maps via an interface. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, it is necessary to save your IP address.

Google uses cookies to collect information about user behaviour. The legal basis for the processing of your personal data is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

If you have given your consent to the use of Google Maps, the map service provider will also play "Google Fonts", also a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: "Google"). Google Fonts enables the use of external fonts. For this purpose, the required Google Fonts are loaded into your browser cache by your web browser when you call up Google Maps. This is necessary so that your browser can also display a visually improved representation of the texts. If your browser does not support this function, a standard font from your computer will be used for display. The integration of these Google fonts by Google takes place via a server call, usually a Google server in the USA. This tells the server which page of our website you have visited. The IP address of the browser of the visitor's terminal device is also stored by Google. Further information on Google Fonts can be found at https://fonts.google.com/.

Since a transfer of personal data by Google to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.

Further information on the handling of user data can be found in Google's privacy notice: https://www.google.de/intl/de/policies/privacy/

Opt-out: https://www.google.com/settings/ads/

Your personal data will not be transferred to recipients outside our company unless

• we have explicitly pointed this out in the description of the respective data processing.
• you have given your explicit consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR,
• the transfer pursuant to Art. 6 para. 1 p. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms,
• there is a legal obligation to transfer data pursuant to Art. 6 para. 1 p. 1 lit. c GDPR, and
• required by Art. 6 para. 1 p. 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:

• Rights of access
  The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to complain, the origin of your data if it was not collected by us and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
• Right to rectification
  The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
• Right to erasure
  The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
• Right to restriction of data processing
  The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
• Right to portability
  The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.
• Right to withdraw the declaration of consent under data protection law
  Right to withdraw consent given in accordance with Art. Para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
• Right to lodge a complaint with a supervisory authority
  The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.

Right to object

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.

If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to info@figawa.de.

Necessity of providing personal data

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

Automated decision making

Automated decision making or profiling according to Art. 22 GDPR does not take place.

We reserve the right to adapt or update this privacy notice, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

Status of this privacy notice: December 2023