We are happy about your visit on our website. Since the protection of your personal data is particularly important to us, we would like to inform you in the following about the data processing that takes place in connection with our website https://artsocks.co/.
As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by our external service providers.
The legislator requires that personal data are processed processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’). In order to ensure this, we first inform you in this section about the individual legal definitions which are also used in this data protection declaration:
1.1. Personal data
"Personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.3. Restriction of processing
"Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future.
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
1.6. Filing system
"Filing system" means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
"Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
"Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
1.10. Third party
"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Lawfulness of processing
The processing of personal data shall be lawful only if there is a legal basis for the processing. Pursuant to Article 6 (1) sentence 1 letters a) to f) of the GDPR, the legal basis for the processing may be, in particular:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
3. Purely informative use of our website
In this section we inform you about which data is processed by us if you use our website purely for information purposes, i.e. if you do not actively transmit data when visiting our website.
When you view our website, we collect the following data in so-called log files, which are technically necessary for us to be able to show you our website and to guarantee its stability and security:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- Amount of data transmitted in each case
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software
We are entitled to collect and store this data in accordance with Art. 6 para. 1 sentence 1 letter f) GDPR, as we have a legitimate interest in the security and stability of our website. They are automatically deleted after seven days at the latest, unless there is a justified suspicion of unlawful action.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your end device and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective.
3.2.1. Required cookies
We are entitled to use these cookies in accordance with Art. 6 para. 1 sentence 1 letter f) EU-GDPR, as we have a legitimate interest in the functionality and correct display of our website.
3.2.2. Tracking for range measurement & control of advertising
When you visit our website for the first time, we will ask you for your explicit consent that we may set cookies for the aforementioned purposes. The legal basis for this data processing is therefore Art. 6 para. 1 sentence 1 letter a) GDPR.
3.2.3. Cookie settings
Of course you can also access our website without cookies. However, if you wish to use our website fully or conveniently, you should accept cookies. Most web browsers are preset by default to accept cookies. However, you have the option of setting your browser to display cookies before they are saved, to accept or reject only certain cookies or to reject cookies in general. Please note that changes to settings always only affect the respective browser. If you use different browsers or change the terminal device, you will have to make the settings again. Furthermore, you can delete cookies from your storage medium at any time. Information on the cookie settings, changing them and deleting cookies can be found in the help section of your web browser.
4. Use of our webshop
If you want to order in our web shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. Mandatory data necessary for the processing of contracts are marked separately, further data are voluntary. We process the data provided by you to process your order. For this purpose we can also pass on your payment data to our house bank.
The legal basis for this is Art. 6 para. 1 sentence 1 letter b) GDPR, according to which personal data may be processed for the fulfilment of a contract.
4.1. Duration of storage
We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. After two years, however, we will restrict processing, i.e. your data will then only be used to comply with legal obligations.
4.2. Payment service provider
We offer several payment methods for the use of our webshop and use different payment service providers. Depending on which payment method you choose, different data is transmitted to the respective payment service provider. The legal basis for the transmission is also Art. 6 para. 1 sentence 1 letter b) GDPR, as the payment data is required to process the contract with you.
If you decide to pay by PayPal, your personal data will be transmitted to PayPal. The prerequisite for using PayPal is the opening of a PayPal account. When using or opening a PayPal account, your name, address, telephone number and e-mail address must be submitted to PayPal. The legal basis for the transmission of data is Art. 6 para. 1 letter a GDPR (consent) and Art. 6 para. 1 letter b GDPR (processing for the performance of a contract).
Operator of the payment service PayPal is the:
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
4.2.2. Shopify payments (Stripe)
If you choose a payment method other than PayPal, it will be made through the "Shopify Payments" service, an offer from Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Behind it is the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, ("Stripe"). These companies therefore receive payment data as part of the payment. Information provided during the ordering process, together with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) is passed on. The transfer of your data is exclusively for the purpose of payment processing with the payment service provider. You can find more information on data protection at https://stripe.com/de/terms and https://www.shopify.com/legal/privacy.
Our online shop uses the shop system of the provider Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify"). We use the services of Shopify for the purpose of hosting and displaying the online shop.
4.3.1 General data processing by Shopify
All data collected on our website is processed on Shopify's servers. In this context, personal data may also be transmitted to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc. In the event that data is transferred to Shopify Inc. in Canada, an adequate level of data protection is guaranteed in accordance with the adequacy finding of the European Commission under Art 45 GDPR. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. and Shopify (USA) Inc. in the USA have submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. In accordance with the decision of the European Commission of 12.07.2016, data transmission to the USA in compliance with the provisions of the agreement offers an adequate level of protection within the meaning of Art. 45 GDPR.
The legal basis for the use of Shopify is Art. 6 para. 1 sentence 1 letter f) GDPR. We have a legitimate interest in using external service providers for effective and simple order processing.
You can obtain further information under https://www.shopify.com/legal/privacy.
The following cookies are set during the use of Shopify:
|Name of the coookies||Function of the cookies|
Used in connection with access to admin.
Used in connection with shopping cart.
Used in connection with navigation through a storefront.
Used in connection with shopping cart.
Used in connection with checkout.
Used in connection with checkout.
Used in connection with checkout.
Used in connection with checkout.
Used in connection with customer login.
Used in connection with customer login.
Reach measurement & Marketing
|Name of the coookies||Function of the cookies|
Track landing pages.
Track landing pages.
Shopify analytics relating to marketing & referrals.
Shopify analytics relating to marketing & referrals.
Shopify analytics relating to checkout.
If you wish to receive our newsletter, we will ask you for your explicit consent that we may process your e-mail address and the other data provided. Your consent therefore forms the legal basis for this data processing in accordance with Art. 6 Paragraph 1 S. 1 Letter a) GDPR.
Your e-mail address is the only compulsory information for the sending of the newsletter. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter.
We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
The newsletter is sent via "Klaviyo", 225 Franklin St, Boston, MA 02110, USA. The e-mail addresses of our newsletter recipients, as well as their other data described in these notes, are stored on the servers of Klaviyo in the USA. Klaviyo uses this information to send and evaluate the newsletter on our behalf.
Furthermore, according to its own information, Klaviyo may use this data to optimize or improve its own services, e.g. to technically optimize the dispatch and display of the newsletters or for economic purposes to determine from which countries the recipients come. However, Klaviyo does not use the data of our newsletter recipients to address them itself or to pass them on to third parties.
You can revoke your consent to receive the newsletter at any time and thus unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail or by sending an e-mail to firstname.lastname@example.org.
6. Contact form
If you would like to contact us via our contact form, we ask you for your explicit consent that your e-mail address and the other data you have provided may be processed. We are then entitled to process these data in accordance with Art. 6 Para. 1 S. 1 letter a) GDPR. Of course, your data will only be used strictly for the purpose of processing and answering your inquiry and will be deleted immediately after final processing.
7. General inquiries
If you contact us by post, e-mail, telephone or fax, your inquiry including all personal data resulting from it will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. The processing of this data is carried out on the basis of Art. 6 para. 1 sentence 1 letter b) GDPR, insofar as your request is related to the fulfilment of a contract concluded with us or is necessary for the implementation of pre-contractual measures. Otherwise, processing is based on Art. 6 para. 1 sentence 1 letter f) GDPR, as we have a legitimate interest in the effective processing of the inquiries addressed to us. In addition, we may also be entitled to be informed under Art. 6 para. 1 sentence 1 letter f) GDPR. c) GDPR, as we are legally obliged to enable rapid electronic contact and direct communication with us.
Certainly, your data will be used strictly for the purpose of processing and answering your inquiry and will be deleted after final processing, provided that we are not subject to any legal storage obligations.
We will not pass on your data to third parties without your explicit consent. However, like any modern company, we work together with contract processors in order to be able to offer you an uninterrupted and best possible service.
When we work together with external service providers, we regularly process orders on the basis of Art. 28 GDPR. For this purpose, we conclude appropriate agreements with our partners to ensure the protection of your data. When processing your data, we use only carefully selected contract processors. These are bound by our instructions and are regularly checked by us. We only commission external service providers who have ensured that all data processing procedures are carried out in accordance with data protection regulations.
The following types of processors may receive personal data:
- Shop system provider (Shopify)
- Newsletter service provider
- Marketing service provider
- Shipping service provider
9. Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet.
The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
This website uses Google Analytics with the extension "_anonymizeIp()". This allows IP addresses to be processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded and the personal data is therefore deleted immediately.
We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. In accordance with the decision of the European Commission of 12.07.2016, data transmission to the USA in compliance with the provisions of the agreement offers an adequate level of protection within the meaning of Art. 45 GDPR. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 letter f) GDPR.
Information provided by the third party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. user conditions:
http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the data protection declaration: http://www.google.de/intl/de/policies/privacy.
This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out using a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My Data", "Personal Data".
10. Google Adwords and Conversion Tracking
In order to draw attention to our services, we place Google Adwords ads and use Google Conversion Tracking and Google Tag Manager for the purpose of personalized, interest- and location-based online advertising. The option to anonymize IP addresses is controlled by Google Tag Manager via an internal setting that is not visible in the source of this page. This internal setting is set to achieve the anonymization of IP addresses required by the German Federal Data Protection Act. The ads are displayed after search queries on websites of the Google advertising network. We have the option to combine our ads with specific search terms. Cookies allow us to serve ads based on a user's previous visits to our website.
With the help of this technology, Google and we as the customer receive information about the fact that a user has clicked on an advertisement and has been forwarded to our web pages. The information obtained in this way is used exclusively for statistical evaluation for ad optimization. We do not receive any information with which visitors can be personally identified. The statistics provided to us by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were redirected to a page of our website marked with a conversion tag. Based on these statistics, we can track which search terms were clicked on our ad particularly often and which ads lead to the user contacting us via the contact form.
If you do not want this, you can prevent the storage of the cookie required for these technologies, for example, via your browser settings. In this case, your visit will not be included in the user statistics.
If you also do not want to be included in these statistics, you can prevent this by using additional programs for your browser [for example, with the Ghostery add-on].
11. Google Dynamic Remarketing
On our website, we use the dynamic remarketing function of Google Adwords, a service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). The technology allows us to serve automatically generated, targeted advertisements after your visit to our website. The ads are based on the products and services you clicked on the last time you visited our website.
If you do not want to receive user-based advertising from Google, you can disable the display of ads using Google's ads setting.
12. Google Tag Manager
For reasons of transparency, we would like to point out that we use the Google Tag Manager. The Google Tag Manager itself does not collect any personal data. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behavior, to record the impact of online advertising and social channels, to set up remarketing and targeting, and to test and optimize websites. We use Google Analytics. If you have opted out, this opt-out will be honored by Google Tag Manager. For more information on Google Tag Manager, see: google.com/intl/en/tagmanager/use-policy.html
13. Facebook Pixel
We use on our website the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
With the help of the Facebook pixel, Facebook is able to determine you as a visitor to our online offer as a target group for the presentation of advertisements (so-called "Facebook Ads"). We use the Facebook Pixel in order to display the Facebook ads we have placed only to those users who have also shown interest in our online offering or who have certain characteristics (e.g. interest in certain topics or products) that we transmit to Facebook (so-called "Custom Audiences").
With the help of the Facebook pixel, we want to ensure in particular that our Facebook ads also correspond to the potential interest of users and that they do not appear to be annoying. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes, as this enables us to see whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion").
The processing of data by Facebook is carried out within the framework of Facebook's data policy. General information on the display of Facebook ads can be found here. Special information and details about the Facebook pixel and its functionality can be found here.
The data collected using the Facebook pixel may be transferred to Facebook servers in the USA. Facebook has undertaken to comply with the provisions of the so-called "Privacy-Shield" agreement. You can find more information on this at https://www.privacyshield.gov. According to the decision of the European Commission of 12.07.2016, data transmission to the USA in compliance with the provisions of the agreement offers an adequate level of protection within the meaning of Art. 45 EU-GDPR.
When you first visit our website, we will ask you for your express consent that cookies may be set on your terminal device for advertising purposes. The legal basis for the data processing is therefore Art. 6 para. 1 sentence 1 letter a) GDPR.
13.1 Pinterest Conversion Tracking:
Our website uses the conversion tracking technology of the social network Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland), which enables us to display relevant advertisements and offers on Pinterest to our website visitors who have already taken an interest in our website and our content/offers and are Pinterest members. For this purpose, a so-called conversion tracking pixel from Pinterest is integrated on our pages, via which Pinterest is informed when you visit our website that you have called up our website and in which parts of our offer you were interested. For example, if you were interested in our subscriptions on our website, you may be shown an ad on Pinterest about our subscriptions.
You can object to the collection of data for the display of interest-based advertising on Pinterest at any time in your account settings on Pinterest at https://www.pinterest.de/settings (there, under "Individual customisation", deactivate the button "Use info from our partners to better tailor recommendations and ads on Pinterest to you") or at https://help.pinterest.com/de/article/personalization-and-data#info-ad (there, deactivate the checkbox under "Disable individual customisation").
13.2 Social Plug-ins:
In order to give our website visitors the opportunity to interact with social networks/platforms (e.g. through share, like, tweet and pin buttons) and to make our offer more interesting and user-friendly for you, we use so-called social plug-ins of the following social networks/platforms:
-Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; information on data protection: https://www.facebook.com/privacy/explanation)
-Instagram (Instagram Inc., 181 South Park Street, Suite 2, San Francisco, CA 94107, USA; information on data protection: https://help.instagram.com/519522125107875)
-Pinterest (Pinterest Inc., 808 Brennan St., San Francisco, CA 94103, USA; information on data protection: https://policy.pinterest.com/de/privacy-policy)
We would like to point out that calling up our website leads to a connection being established with the above-mentioned social networks/platforms and that they receive, among other things, the information that the user has called up the corresponding sub-page of our website. If you interact with one of the integrated plug-ins, e.g. click on it and are logged into the respective social network/platform, your data may be directly assigned to your user account with the respective social network/platform.
We have no influence on the data and data processing procedures collected by the social networks/platforms, nor are we aware of the full extent of the data collection, the purposes of the processing or the storage periods of the social networks/platforms. We also have no information on the deletion of the collected data.
We recommend that you inform yourself about the types of data covered by this, as well as the purpose and scope of the data collection and the further processing and use of the data by the social networks/platforms, as well as your rights in this regard and setting options for protecting your privacy, by reading the data protection information linked above.
You can prevent the loading of the plug-ins and thus the collection of data by installing add-ons (so-called browser extensions) / script blockers in your browser.
14. Children & Teenagers
Our offer is basically directed at adults. Persons under 18 years of age should not transmit any personal data to us without the consent of their parents or legal guardians.
15. Deployment obligation and profiling
There is no legal obligation to provide us with personal data.
There is no automated decision-making within the meaning of Art. 22 EU-GDPR.
16. Your rights
In this section we inform you about your rights regarding your personal data.
17.1. Revocation of consent
If the processing of personal data is based on a granted consent, you have the right to revoke this consent at any time. Revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
17.2. Right to confirmation
You have the right to request confirmation from the data controller as to whether we are processing personal data concerning you. You can request such confirmation at any time by contacting us at the contact details given above.
17.3. Right of access by the data subject
If personal data is processed, you can request information about this personal data and about the following information at any time:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, referred to in Article 22 paragraphs 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer. We will provide a copy of the personal data that is the subject of the processing. For any further copies that you request personally, we may charge a reasonable fee based on the administrative costs. If you make the request electronically, the information shall be provided in a standard electronic format, unless the request states otherwise. The right to receive a copy pursuant to paragraph 3 shall not prejudice the rights and freedoms of other persons.
17.4. Right to rectification
You have the right to ask us to correct any incorrect personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
17.5. Right to erasure (‘right to be forgotten’)
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure (‘right to be forgotten’) shall not apply to the extent that the processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) for the establishment, exercise or defence of legal claims.
17.6. Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
17.7 Right to data portability
You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) GDPR; and
b) the processing is carried out by automated means.
In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The exercise of the right to data portability is without prejudice to the right to erasure (‘right to be forgotten’). That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
17.8. Right to object
According to Art. 21 GDPR you have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1), you, on grounds relating to your particular situation, shall have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
17.9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if the you consider that the processing of personal data relating to you infringes this Regulation.
18. Controller & Contact
Responsible for data protection:
Artsocks UG (haftungsbeschränkt)
represented by the managing director Hayk Sahakyan
In der Rehre 33
If you have questions regarding data protection or wish to assert one of your rights, please contact us by post at the above address or by e-mail at email@example.com. We will endeavour to deal with your request as quickly as possible.
Due to the rapid development of the Internet and data protection law, we expressly reserve the right to make modifications to this data protection declaration.