Standard Terms of Business

Terms and Conditions (A.) and Data Protection Policy (B.) of WebID Solutions GmbH

A. Terms and Conditions

1. General and Scope

1.1 WebID Solutions GmbH (hereinafter called “WebID”) provides users with services for identification, documentation and age verification (hereinafter collectively “identification services”) in accordance with these Terms and Conditions (hereinafter called “T&Cs”).

1.2 These T&Cs apply to the identification services provided by WebID to the users of WebID services.

1.3 The T&Cs apply exclusively. Any conflicting or differing terms and conditions of the user will only become part of the contract insofar as they are identical in content with these T&Cs or explicitly approved by WebID in writing. This also applies if WebID provides services without reservation whilst being aware of the user’s conflicting or differing terms.

2. Services of WebID

2.1 The identification and the verification of age

  • the determination, verification and confirmation of identity, a documented statement or age of the user for partners (as defined below) on behalf of the partner and the user (2.3),
  • – the transmission to the partner of the data and information obtained as part of the identification process, including – where requested by the partner – the pictures taken as part of the identification process and any other documents (2.3).

2.2 The creation of a user profile

WebID saves the data obtained as part of the identification process in a user profile (cf. section 2.4). The data stored there can be used for future identifications or verifications of age. Before future usage, the user will always be asked for his/her consent.

2.3 Identity or age verification and confirmation

a. The identity or age verification and confirmation presupposes the requirement of a contractual partner of WebID (hereinafter called “partner”) who wishes to verify the identity or age of the user or requires said verification on account of legal regulations (e.g. Money Laundering Act, Digital Signature Act, Youth Media Protection Act, German e-mail law), in order to enter into a business relationship with the user or to provide certain services to the user.

b. The identification, documentation or age verification of the user through WebID forms part of the overall process of a personal interview via videoconference between the user and a WebID agent which is recorded as an audio file for compliance with record-keeping legislation.

c. During the overall identification process WebID collects the user’s personal data and information as appropriate and in accordance with the respective laws and as required for the purpose of identification and age verification of the user and also conducts a cross-check of personal data and information transmitted by the respective partner.

d. The nature and scope of the collection and processing of personal data and information by WebID depends on the intended or existing contractual relationship between the user and the partner, as well as the legal requirements that stipulate a proof of age or identity. Besides the verification of the name, place of birth, date of birth, nationality and address of the user, other data may be checked which is required either for entering into or executing a contractual relationship between the user and the partner or required by law. Depending on the respective legal requirements regulating the identity and age verification, a check of additional data stated in a valid, official identity document (e.g. passport) may also be required. For this verification, additional data stated on the official identity document will be requested and a visual inspection of the official identity document will be carried out by WebID. In this context it may also be necessary to take photographs, both of the official identity document and of the user. In this case, a photograph of the user, as well as of the front and back of the official identity document, will be taken in the form of screenshots. The use of WebID services requires prior consent to the separate Data Protection Policy on the part of the user. The Data Protection Policy also explicitly stipulates the user’s right to revoke consent to the data collection in part or as a whole during the videoconference or at any time thereafter. In the case of total or partial revocation of consent, it is however possible that the user may not be able to use or fully use the WebID service.

e. WebID will only provide the partner with confirmation of the user’s identity and age if the personal data and information transmitted by the partner or collected by WebID is suitable to confirm the identity or age of the user and if all other information required by law or as set out by the individual partner has been provided in full, i.e. copies and documents that are necessary to verify the identity or age.

f. The user will be informed about the identity or age verification. WebID sends out e-mails accordingly. Moreover, during videoconferencing and other stages of the verification process, WebID sends a transaction number (TAN), centrally and uniquely generated especially for this particular purpose, via e-mail or SMS to the e-mail address or phone number specified by the user. This TAN allows the user to successfully complete the process as required by the partner. The user must enter this TAN directly as part of the online process and send it back to WebID electronically. In addition, WebID will notify the partner, upon whose request the identity or age verification of the user was conducted, of the successful completion of the identification process and, upon request, transmit the personal data and information used to successfully verify identity or age of the user and all photographs and other records and documents provided by the user as part of the identification process.

g. WebID’s contractual obligation consists of the identity verification process, as well as verifying and confirming the identity or age of the user for a current partner or future partners.

2.4 User profile storage

a. Following successful completion of the identity or age verification process and with the express prior consent of the user, WebID will create a user profile based on the information collected and personal data provided and save this profile for the purpose of enabling the user to carry out future identity or age checks with other partners. This service is also entirely subject to the user’s express prior consent.

b. Along with the creation of the user profile, WebID will generate and forward a unique transaction number or stored personal data to the user for definite user allocation. The user may use this transaction number or user allocation for future WebID identity or age checks with future partners, unless additional information is required in individual cases for the purpose of proof of identity or age by this particular partner.

c. The user has the right to request the immediate deletion of their WebID user profile without any notice. WebID may also block or delete the user profile without any notice if the user violates the law regulating identity or age verification or the provisions set out in these T&Cs, particularly with regard to the user’s legal obligation to cooperate. In such cases and subject to statutory or contractual retention periods, WebID will delete or destroy the user profile in question, the personal data and information stored, as well as any photographs and documents obtained, and immediately block the user’s transaction number. It is not possible to restore the user profile once it has been deleted.

d. WebID will also provide confirmation of successful identification to other existing or future partners, provided the user has consented to this as stated in section 2.1 and the partner has requested the identification or age verification in accordance with section 2.2 a. In this case the provisions in sections 2.2 d. to g. apply accordingly. Should existing information for identification not be sufficient, the required additional information will be requested.

3. Access and Availability

3.1 WebID can only provide identification services if the user has videoconferencing software compatible with the WebID system, a webcam (video and audio) and access to the internet.

3.2 A further requirement for carrying out identification services is prior registration or login to the WebID service on the part of the user according to the procedure described in section 4.

3.3 WebID is entitled to suspend, change or modify the WebID service in any way at any time. This especially holds true in situations where legal or regulatory requirements for provision or in connection with the identification service change.

3.4 WebID strives to provide the WebID identification service without disruptions. However, no liability can be assumed for the continuous availability of WebID services. WebID may temporarily restrict the availability of the service whenever necessary with regard to capacity limits, the security or integrity of the servers, or for technical maintenance or repair work, provided it safeguards proper or improved provision of services (maintenance). In such cases WebID will take into account the legitimate interests of users, for example through advance information. WebID’s liability for self-inflicted causes as stipulated in section 10 remains unaffected.

4. Registration / Login

4.1 Each users may only register once.

4.2 In order to register, the user will fill in the electronic data entry form provided by WebID or its partners correctly and in full and send it to WebID by clicking the appropriate button. By clicking on a corresponding button, the user consents to the use of WebID services and will receive the opportunity to review the data and correct any errors within the form. Should the user or WebID not continue the identification process immediately after registration, WebID is entitled to contact the user via the e-mail address provided during registration, in order to inform the user of any necessary further steps in the identification process.

4.3 Registration is only possible if the user explicitly consents to the T&Cs and the separate Data Protection Policy prior to sending the information.

5. Contract Conclusion

5.1 By sending the registration form, the user makes a binding offer to conclude a contract with WebID for processing, storing and disclosing their data, providing identification services and providing partners with confirmation of their identity in accordance with these T&Cs and the separate Data Protection Policy. WebID will confirm receipt of the user registration without delay via electronic confirmation by e-mail to the e-mail address provided during registration. This confirmation does not constitute an acceptance of the user’s offer to use the identification services. A legal agreement is only entered into once WebID has submitted a separate declaration of acceptance in a separate e-mail (registration confirmation) or through the actual provision of data processing and identification services. WebID will accept the offer no later than three (3) days after registration has been completed. However, WebID reserves the right to reject registrations without giving a reason.

5.2 WebID does not store or permanently hold contractual agreement texts for the user’s retrieval.

6. Participation and Other User Obligations

6.1 The user is obliged to participate appropriately in the provision of identification services.

6.2 In particular, the user will provide WebID with all personal data, information, records and documents required for identification or age verification, both truthfully and in full.

6.3 Videoconferencing software is required for part of the WebID identification service process. Depending on the equipment employed by the user, it may be necessary for the user to download and install the appropriate software on the device being used. The option of using WebID’s identification services also depends on the technical performance of the user’s device. It is the user’s responsibility to ensure the performance and compatibility of the chosen device.

6.4 The user is obliged to keep secret the data (e.g. case number and TAN) and identification number provided by WebID at all times and to protect the data against use by unauthorised third parties, particularly minors. Disclosing the data and identification number or transferring the user profile to third parties is strictly prohibited. The user will inform WebID immediately in case of a suspected case of unauthorised use of their data, identification number or data required for user allocation. The user shall exempt WebID from all third party claims that may arise from unauthorised use of their access data or identification number, unless it is proven that they themselves are not responsible for the unauthorised use by third parties.

6.5 The user will solely use the identification number and the entirety of the data entered during registration for the purpose of verifying their identity or age to partners.

6.6 Once a user profile has been created for a user, the user shall notify WebID through a re-identification process of all changes to their personal data, depending on necessity with respect to the nature or extent of the changes.

6.7 Should the user violate the obligations under these T&Cs, WebID is entitled to abort the affected identification process or delete the user profile without further notice and to block the user’s identification number.

7. Revocation Policy

Revocation Policy

Right of Revocation

You may revoke your contract within 14 days in writing (e.g. letter, fax, e-mail) without giving reasons. The revocation period begins upon receipt of this notification in writing, but not before conclusion of the contract or prior to fulfilment of our obligations under Article 246 § 2 in connection with § 1 paragraph 1 and 2 EGBGB and our obligations according to § 312g paragraph 1 sentence 1 BGB in conjunction with Article 246 § 3 EGBGB. The timely dispatch of the revocation is sufficient for the observation of the revocation period. The revocation must be sent to:

WebID Solutions GmbH, Friedrichstrasse 88, 10117 Berlin

Fax: +49 30 408 173 450


Revocation Consequences

In the case of an effective revocation, the mutually exchanged services and any benefits (e.g. interest) are to be returned. In case you are unable to return the received service and usage (e.g. use and enjoyment) to us in full or in good condition, you shall be liable to provide us with compensation. This may lead to the obligation to fulfil any contractual payment obligations for the period leading up to the revocation. Obligations to reimburse payments must be fulfilled within 30 days. The period for you begins with the dispatch of the revocation, and the period for WebID begins with receipt of the revocation.

Special Note

Your revocation right expires prematurely if the contract has been completely fulfilled by both sides upon your explicit request before you have exercised your right of revocation.

Exclusion of the right of revocation:

The right of revocation does not exist if, on conclusion of the legal transaction, you predominantly exercise your commercial activity or self-employment and you are therefore to be viewed as an entrepreneur (§14 of the German Civil Code [BGB]).

Other important note:

You explicitly agree to us commencing with the implementation of the service before the end of the revocation period.

End of Revocation Policy

8. Remuneration

8.1 WebID provides identification services free of charge to the user.

8.2 Any connection or transmission charges incurred during the use of WebID services and levied by the relevant internet provider must be borne by the user.

9. Data Protection

WebID processes the user’s personal data for the purpose of providing identification services and services within the framework of the digital contract conclusion and within the framework of statutory or legal obligations that WebID has to fulfil. WebID will not make any additional use of user data, unless the user has given express consent. For details regarding the handling of the Data, please refer to the Data Protection Policy provided on WebID’s website which can be accessed and retrieved at any time (Part B.); with regard to the scope of the consent, reference is made in particular to section 3.3.3 of the data privacy statement.

10. Liability

10.1 WebID is liable for compensation in accordance with the statutory provisions for personal injury and for damages under the Product Liability Act.

10.2 WebID is liable for any other damages in accordance with the following provisions, unless otherwise stated in a warranty assumed by WebID.

10.3 Under the statutory provisions, WebID is liable for damages caused by fraudulent behaviour and damages caused by intent or gross negligence on the part of WebID, as well as legal representatives or senior staff of WebID.

10.4 WebID is liable for compensation limited to the amount of foreseeable damage typical for this contract

  • or damages resulting from a negligent breach of fundamental contractual obligations or obligations which need to be fulfilled in order to even make the proper execution of the contract possible and on whose observance the user may regularly rely upon (cardinal obligations),
  • as well as for damages which were caused deliberately or through gross negligence of WebID’s vicarious agents.

10.5 Any further liability on the part of WebID for damages caused by carelessness is excluded.

10.6 Notwithstanding the preceding provisions, the amount of any claim for damages will be reduced through negligence of the user – in particular through inadequate provision of cooperation services, organisational errors, inadequate data backup or a breach of other contractual obligations.

10.7 The customer is obligated to immediately report any damage as defined in the above liability regulations to WebID in writing or inform WebID on record, in order that WebID may be informed as early as possible and potentially be able to limit the damage in cooperation with the customer.

10.8 WebID is only liable for the replacement of data if the customer has met all necessary and appropriate data security measures and ensured that the data from data material which is kept ready in machine-readable format can be recovered with reasonable effort.

11. Other Items

11.1 These T&Cs and all contracts entered into between the user and WebID referring to these T&Cs are subject to the law of the Federal Republic of Germany, excluding the conflict of laws and the United Nations Convention of 11th April 1980 on Contracts for the International Exchange of Goods.

11.2 Changes and additions to these T&Cs must be made in writing. This also applies to amendments or the cancellation of the written form requirement.

11.3 In case any provisions of these T&Cs are partly or fully invalid or unenforceable or contain any gaps, the remaining provisions shall remain unaffected. The parties are obligated to replace the invalid or unenforceable provision or to fill this gap by a valid and enforceable provision that reflects the economic purpose of the invalid or unenforceable provision as closely as possible.

Legal notice: These Terms and Conditions have been translated. In case of legal dispute, the German original Terms and Conditions apply.

Date: May 2019

B. Data Protection Policy

The following data protection declaration is to inform you of the processing of your personal data (hereinafter “Data”), which WebID Solutions GmbH (hereinafter “WebID”) processes relating to your use of this website, of the mobile apps (hereinafter together “Website”) and of WebID services. Such information is required in accordance with Articles 12, 13 and 21 of the European General Data Protection Regulation (GDPR). In addition, you will be informed of the scope of your consent to the processing of your Data and of the possibility to withdraw the consent you have given to WebID, both in accordance with section 3.3.3 of this data protection declaration.

Your data are processed in compliance with the relevant regulations on data protection, including without limitation the regulations contained in the GDPR and in the Federal Data Protection Act.

1. Controller

The controller, as stipulated in the GDPR, is:

WebID Solutions GmbH, Friedrichstr. 88, 10117 Berlin, Germany

2. Data protection officer

In case of any questions, please contact our external data protection officer as follows:

Data protection officer: Silvia C. Bauer

WebID Solutions GmbH, Data Protection Officer
Friedrichstr, 88, 10117 Berlin, Germany

3. Purposes and legal bases of data processing

3.1 Processing of Data when using the app

When you download our mobile app, the required information for such download will be transferred to the app store. Such information includes without limitation your e-mail address and the customer number of your account, date and time of download; payment information, if applicable, and the individual device code number. We have no influence on this data collection and are not responsible for it. We only process the Data to the extent required for the download of the mobile app to your mobile device and in this context, to the extent required for the use of the app, on the basis of Article 6, para. 1, lit. b of the GDPR.

3.2 Active use of the Website

In addition to the use of our Website purely for information purposes, you may also use our Website actively to make use of our WebID products, such as secure online identification or digital contract signature, to create a permanent user profile, to subscribe to our newsletter or to contact us. In addition to the dissemination of your personal data that incurs if you use our Website purely for information purposes, we then process additional personal data which we require in order to provide the relevant services and/or to answer your questions.

3.3.1 Verification and confirmation of identity or age – video legitimisation

Your Data in relation to the verification and confirmation of your identity, a documented declaration or your age are processed by WebID on behalf of WebID’s relevant partner company, e.g. a bank, a telecommunication company or an insurance company upon whose request we make such verification (“Partner”).

Your Data is processed exclusively for the purpose of verifying and confirming to the relevant Partner your identity, your declaration or your age.

For such purpose, we process the Data you provide in relation to your use of the WebID services for our Partner and the Data provided by our relevant Partner for the purpose of comparing it to the Data you provided, if applicable. A prerequisite for the processing of your Data is the set-up of a user profile (cf. section 3.3.3) where your Data is recorded and which provides us with the opportunity to contact you via e-mail and text message for video identification purposes, to transfer to you, amongst others, the transaction number (TAN) for the successful completion of the video identification process.

The scope of the processing activities related to this Data and the legal basis for such processing is to be based on the planned or existing contractual relationship between you and the Partner and on the legal requirements that may require a confirmation of identity or age. Depending on the legal basis for a confirmation of identity or age, the presentation of a valid identification document (e.g. ID card, passport) may be required in addition thereto. As a general rule, the following Data will be processed:

  • surname, forename
  • place of birth
  • date of birth
  • citizenship
  • full address
  • mobile phone number
  • e-mail address
  • user name for the video conference programme used
  • photo / screenshot of the person and of the front and reverse side of the official identification document
  • identification data contained in the official identification document (e.g. type of official identification document, date and place of issue, issuing authority)
  • video and sound recordings of the video call.

To the extent we have established and verified your identity, we transfer the collected Data to the Partner. Should the verification of your identity be transferred via one of our distribution partners or one of the Partner’s distribution partners upon your request, the distribution partner shall only receive the information that the identity verification process has been completed successfully. The Partner processes the transferred Data in order to fulfil such Partner’s identification obligations as requested by laws and regulations on the prevention of money laundering and otherwise, and on its rights and obligations resulting from the contract concluded between such Partner and you.

We process your personal Data on the following legal bases:

  • in relation to the business relationship with the relevant Partner in accordance with Article 28 of the GDPR
  • in order to fulfil a contract
  • in order to fulfil a legal obligation that we are subject to.

3.3.2 Digital contract signing

You may use our services to sign digital contracts with our Partners. After the video identification as described above or a similar legitimisation and after inspection of the relevant contract, you may digitally sign your contract partner’s contract via a digital certificate.

In doing so, we process the Data stipulated in section 3.3.1 for the purposes of your identification and digital contract signing. Your Data is being processed for contractual purposes, pursuant to Article 6, para. 1, lit. b of the GDPR, and in accordance with statutory regulations such as the eIDAS Regulation which must be complied with in the individual case for digital contract signing.

3.3.3 Processing for the purpose of the user profile “My WebID”

Our services for you also include the creation of a user profile.

In relation therewith, we process the Data collected regarding the video identification and the digital contract signing (cf. sections 3.3.1 and 3.3.2) and the transaction key linked to your user profile.

We use such Data for the purpose of enabling you to provide confirmation of your identity or age in future to our current and future Partners or of enabling you to digitally sign contracts.

The set-up of your user profile and the processing of the above-stated Data for WebID’s own purposes shall be subject to your declaration of consent in accordance with Article 6, para. 1. lit. b of the GDPR and the following declaration of consent, Article 6 para. 1 lit. a of the GDPR.

“I hereby declare my consent to the storage of my personal data by WebID Solutions GmbH in my user profile and to the processing of my data for future identification processes and/or digital signatures.”

You may revoke your consent during the video call, i.e. even before completion of the identification process, by making an oral declaration to WebID and/or thereafter at any time with future effect via e-mail at WebID will send you a confirmation of your revocation via e-mail.

3.3.4 Enquiries

To be able to process and answer your enquiries to us, e.g. via the contact form or to our e-mail address, we process your Data you have disclosed to us for such purpose. This includes your name, your age and your e-mail address, which we need to send you an answer, and other information you send together with your communication.

We process your Data in order to answer your request on the following legal basis:

  • To the extent you contact us in relation to a contract to which you are a party and/or for the execution of pre-contractual measures, the legal basis is Article 6, para. 1, lit. b of the GDPR.
  • To protect our legitimate interests in accordance with Article 6, para. 1, lit. f of the GDPR; our legitimate interest is expertly answering customer enquiries.

3.3.5 Newsletters, surveys, etc.

With your consent, we use your Data for marketing purposes, e.g. for the distribution of our newsletter, telephone calls or marketing surveys. We only collect the Data required for the relevant purpose, e.g. your e-mail address.

For these purposes, we process your Data on the following legal basis:

  • To the extent you have given your consent, in accordance with Article 6, para. 1, lit. a of the GDPR.

4. Recipient categories

Within WebID, only those persons who require them have access to the Data in order to fulfil our contractual and legal obligations.

Within the framework of our activities as the processor, we transfer the collected Data to the Partner with which you are in contact. Should the verification of your identity be transferred via one of our distribution partners or one of the Partner’s distribution partners upon your request, the distribution partner shall only receive the information that the verification has been successful. The Partner processes the Data in order to fulfil such Partner’s identification obligations based on laws on the prevention of money laundering and otherwise, and on its rights and obligations resulting from the contract concluded between such Partner and you or with regard to the digital signature, in particular in order to document the conclusion of the contract.

In addition, we disclose your personal data to other recipients that render services to us regarding our Website or our services, such as IT service providers, to the extent such disclosure is legally permissible or required. We limit the disclosure of your personal data to the extent required, in particular in order to be able to render our services. Some of our service providers receive your personal data as processors and are then strictly bound by our instructions regarding the handling of your personal data. Some recipients process your Data independently after we transfer them.

5. Transfer to third countries

We do not transfer your personal data into countries outside the EU and/or outside the EEA and/or to international organisations.

6. Links

Some pages of our Website contain links to third-party websites, including without limitation YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, in order to show YouTube videos. In order to increase protection of your Data while visiting our Website, YouTube is included in our website to a limited extent only, by using a HTML link. This is to guarantee that at the time you access our website, no connection to YouTube’s servers is established and your Data are not yet transferred to YouTube. Only if you activate the video and thus give your consent to the Data transfer does your browser establish a direct connection to YouTube’s servers and you are able to watch our video. Functionally, this means YouTube is included in our Website via a hyperlink, so neither we nor YouTube collect your Data via our Website.

All third-party providers’ websites are subject to their own data protection regulations. We are not liable for the operation of such third-party websites or for their data management. If you send information to or through such third-party websites, you should carefully read their data protection declarations before sending any information that might be allocated to you personally.

7. Periods for which your data is stored

During the video identification or a comparable identification process and the digital contract signing process, we process your Data on behalf of our clients (companies initiating the process). Therefore, the period for which your Data is stored is subject to the contractual agreements you have entered into with the client and/or to the storage periods applicable to that company. For the purposes of the Act on the Prevention of Money Laundering, our client may be obliged to store such Data for a period of up to 5 years, or in accordance with the trade and tax law requirements for a period of up to 10 years.

The provision of services related to the qualified electronic signature is also subject to the obligation to store your Data in accordance with the regulations contained in the eIDAS Regulation and the related national legal requirements in the long term in order to enable the initiating company to provide proof – with legal certainty – for the services provided in this connection. In Austria, data must be stored, for example, for up to 35 years.

To the extent you have given your consent to the processing of your Data, we store the data until you revoke your consent; in these cases too, we might have to archive your Data for legal or statutory requirements. In such cases, your Data is made inaccessible for use for any other purposes and is kept only for the fulfilment of our legal or statutory obligations.

If you send an enquiry to us while using our Website, we otherwise store your personal data for the period needed to answer your enquiry and/or for the period of our business relationship, including the initiation of a contract (pre-contractual relationship) and the execution of a contract.

In addition, based on our legal relationship, we then store your personal Data until expiry of the identification period applicable to be able to provide it as evidence for any legal claims, if required. Generally, the limitation period is between 12 and 36 months, but may be up to 30 years.

Upon expiry of the limitation period, we irrevocably erase your personal Data unless we are subject to a legal retention period, e.g. based on the German Commercial Code (section 238, section 257, para. 4) or on the Fiscal Code (section 147, paras. 3 and 4). Such retention periods may be between 2 and 10 years.

8. Your rights as the data subject

In accordance with statutory requirements, you, as the data subject, have the following rights, which you are entitled to assert against us:

Right to access information: In accordance with Article 15 of the GDPR, you are entitled, at any time, to demand a confirmation of whether or not we are processing your personal data. If we are processing your personal data, you are entitled, in accordance with Article 15 of the GDPR, to receive information on such personal data and certain other information (e.g. purpose of processing, categories of personal data, categories of recipients, planned storage periods, your rights, data origins, the use of automated decision-making processes and, in case of a transfer to a third country, the suitable safeguards) and a copy of your Data.

Right to rectification: In accordance with Article 16 of the GDPR, you are entitled to demand that we rectify the personal data stored about you if they are inaccurate or erroneous.

Right to erasure: In accordance with the prerequisites of Article 17 of the GDPR, you are entitled to demand that we immediately erase your personal data. The right to erasure does not apply if the processing of your personal data is required for (i) the execution of the right to freely express one’s opinion and the right to information; (ii) in order to fulfil a legal obligation we are subject to (e.g. statutory retention periods) or (iii) in order to assert, execute or defend legal claims.

Right to restrict data processing: In accordance with Article 18, you are entitled to demand that we immediately restrict the processing of your personal data.

Right to portability: In accordance with Article 20 of the GDPR, you are entitled to demand that we transfer to you your personal data you have provided, in a structured, standard and machine-readable format.

Right to object: In accordance with Article 21 of the GDPR, you are entitled to object to the processing of your personal data, in which case we are obliged to refrain from processing your personal data. The right to object shall be limited to the scope described in Article 21 of the GDPR. In addition, the processing of your personal data might be in our legitimate interest, therefore we would be entitled to process your personal data despite your objection.

Right to lodge complaints with regulatory authorities: In accordance with Article 77 of the GDPR, you are entitled to lodge a complaint with a regulatory authority, in particular in the member state of your place of residence, your workplace or of the place where the presumed violation occurred, if you are of the opinion that the processing of your personal data is a violation of the GDPR. The right to object shall be without prejudice to other administrative or judicial remedies.

The regulatory authority regulating for our company and services is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit,
Friedrichstr. 219, 10969 Berlin, Germany
Telephone (exchange) +49 30 13889-0
Fax: +49 30 2155050

Revocation of consent: If you revoke your consent to the collection, processing and use of your Data with future effect in whole or in part, e.g. in accordance with section 3.3.3 of this data protection declaration, we will erase your Data without delay, to the extent you requested, or restrict access thereto, unless otherwise required based on statutory retention periods.

9. Obligation to provide Data

As a general rule, you are not obliged to disclose your personal data to us. However, if you refuse to provide your personal data, you may not be able to use our Website, we will not be able to answer your enquiries or to render our services. Personal data that is mandatory for the above-stated purposes is marked by an “*” or another symbol.

10. Automated decision-making / profiling

We do not use automated decision-making or profiling (automated analysis of your personal circumstances). We will inform you should we use such processes in any individual case.

11. Encryption

When collecting or transmitting your Data, we use an up-to-date SSL encryption (SSL = Secure Sockets Layer). This SSL encryption guarantees the confidentiality of communications. Such security feature is active if the symbol of an unbroken key or of a closed lock (depending on your browser) is shown in the lower area of your browser window.

Right to object

For reasons resulting from your specific situation, you are entitled to object to the processing of your personal data by us based on Article 6, para. 1, lit. e (processing is necessary for the performance of a task carried out in the public interest) or Article 6, para. 1, lit. f GDPR (processing is necessary for the purposes of the controllers’ legitimate interests). The same shall apply, mutatis mutandis, to profiling based on these provisions. We shall no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for such processing, which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where your personal data is being processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. If you object to the processing of your personal data for direct marketing purposes, your personal data shall not be used for such purposes anymore.

Please direct any objections to the address stipulated in section 1.

12. Changes

We reserve the right to adjust this data protection declaration at any time. Any changes will be announced by publishing the changed data protection declaration on our Website. Unless otherwise stipulated, such changes shall take immediate effect. Please read this data protection declaration regularly to ensure that you have read the latest version.

Last amended in May 2019.