0034 645 559 423
PRIVACY POLICY
Privacy Notice English Privacy Policy of Bowens Property Management
1. Name and address of the controller
The controller pursuant to the General Data Protection Regulation and other national data protection laws of Member States as well as other legal data protection regulations is:
James Bowens,
Cortijo de Ardila 48,
Lugar Partido de los Prados,
Alhaurin El Grande,
29120 Malaga
Email: info@bowenspropertymanagement.com
Website: www.bowenspropertymanagement.com
Contact Data Protection Officer
Data Protection Officer: James Bowens
2. General provisions for data processing
1. Scope of personal data processing
Protecting your privacy is very important to us. As far as we collect, process or use personal information about you as part of the services we provide, we do so in accordance with the relevant German and European data protection laws.
In principle, we collect and use the personal data of our users only to the extent necessary to provide a functional website, our content and services. The collection and use of the personal data of our users take place regularly only with the user’s consent. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
2. Legal basis for personal data processing
Insofar as we obtain the consent of the data subject for processing personal data, point (a) of Art. 6(1) EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data necessary for the conclusion and the performance of a contract to which the data subject is a party, point (b) of Article 6(1) GDPR serves as the legal basis. This also applies to processing operations required in order to take steps prior to entering into a contract.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, point (c) of Article 6(1) GDPR serves as the legal basis.
If the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, point (d) of Article 6(1) GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and if the interests or fundamental rights and freedoms of the data subject do not override the first-mentioned interests, point (f) of Article 6(1) GDPR serves as the legal basis for processing.
3. Data erasure and storage period
The personal data of the data subject shall be erased or blocked as soon as the purpose of the storage ceases to apply. In addition, data storage may take place if provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Blocking or erasure of data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of data for the conclusion or performance of a contract.
4. Transfer of personal data to third parties
We may disclose your personal data to third parties where necessary and in compliance with local laws and regulations, in particular to the following categories of persons:
Affiliated companies
External service providers performing services on our behalf
Providers of outsourced IT services with whom we cooperate
Data are passed on to complete your booking, enable payments for bookings, send marketing material or for analytical support services.
3. Provision of the website and log file creation
1. Description and scope of data processing
Each time our website is visited, our system automatically collects data and information from the computer system of the requesting computer.
The following data are collected in this context:
Information about the browser type and browser version used
The operating system of the user
The internet service provider of the user
The IP address of the user
The time and date of the visit
Websites from which the system of the user accesses our website
Websites which are accessed by the system of the user through our website
The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.
If you are using a mobile device, we also collect device-specific settings and location data. This data will be stored whether or not you are registered with Wimdu or have logged into your Wimdu user account.
2. Legal basis for data processing
Point (f) of Article 6(1) GDPR is the legal basis for the temporary storage of data and log files.
3. Purpose of data processing
When you access our platform, for example, to search for accommodation, post listings, make bookings, accept booking requests, pay for accommodation, post comments or reviews, or communicate with other users or Wimdu, we may store information such as your IP address, the time and date of your visit, how you are using our platform, your browser type and information about your computer’s operating system as well as the pages you have visited and your original website.
The system needs to temporarily store the IP address to be able to deliver the website to the user’s computer. Therefore, the user’s IP address must be stored for the duration of the session.
Data are stored in log files to ensure the functionality of the website. In addition, the data are used to optimise our website and to ensure the security of our information technology systems. In this context, the data are not evaluated for marketing purposes.
For these purposes, we have a legitimate interest in processing the data pursuant to point (f) of Article 6(1) GDPR.
4. Period of storage
The data shall be erased as soon as they are no longer required to achieve the purpose of their collection. For data collected to provide the website, this is the case once the respective session is finished.
For data stored in log files, this is the case after 60 days at the latest. The data may be stored beyond this period. In this case, user IP addresses will be erased or modified to render impossible later assignment of the requesting client.
5. Possibility of objection and erasure
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, the user has no possibility to object.
4. Registration
1. Description and scope of data processing
On our website, we offer users the possibility to register by providing their personal data and to create a user account. The data entered into the input mask will be transferred to us and stored by us. During the registration process, we collect the following personal data:
Name
Postal address (including invoice address), if required
Phone number, if required
Email address
Profile picture, if required
Information regarding social network accounts
Location and travel information and preferences such as your favourite holiday destination, dates and number of people/children travelling with you
Communication via our messaging system, if required
Driving licence, official ID card or passport, if required
Bank details (payments to the host), if required
IP address and derived localisation data (country/city of origin)
Date and time of your visit to our website
2. Legal basis for data processing
Points (a) of Article 6(1) and (b) Article 6(1) GDPR are the legal basis for the processing of data.
3. Purpose of data processing
User registration is required to make certain content and services available on our website.
In addition, you can create a personal user account on our website. This allows you to save your personal settings, to post a listing or make a booking.
Wimdu requires your email address, a freely chosen password, a form of address, first name and surname, address, date of birth and payment details to set up an account. The given email address serves as access identification for your user account. After successful registration, you will automatically receive a confirmation email. You can update your personal data in the settings of your user account at any time.
4. Period of storage
The data shall be erased as soon as they are no longer required to achieve the purpose of their collection.
This is the case for data collected during the registration process if the registration on our website is cancelled or modified.
In addition, this is the case if the data are no longer required for the performance of the mediation contract.
5. Possibility of objection and erasure
As a user you have the possibility to cancel your registration at any time. You may have all stored data concerning yourself modified at any time.
For the cancellation of your user account, please send your request to our Customer Support Team. You may contact Wimdu via our contact form or via email to datenschutz@wimdu.com. An employee of our support team will then cancel your account.
If the data are required for the performance of a contract or in order to take steps prior to entering into a contract, premature erasure is only possible if the erasure does not conflict with contractual or statutory obligations.
5. Use of cookies
1. Description and scope of data processing
Wimdu uses cookies on the website. Cookies are small text files that are stored in the cache of your browser to enable later recognition.
We use ‘persistent’ cookies. They remain on the user's computer to simplify personalisation and registration services the next time our site is visited. Cookies can, for example, store what the user has selected. The user can manually remove the cookies at any time.
We also use ‘session’ cookies. These do not remain on the user’s computer. Once the user leaves the site, these temporary cookies are deleted.
We use cookies to make our site easier to use. By collecting the information, we can analyse the usage patterns and structures of the site. In this way we can continuously improve our services, for example, the content, personalisation and simplicity of the site.
The following data are stored and transmitted through cookies:
Language settings
Currency settings
Login information
2. Legal basis for data processing
Point (f) of Article 6(1) GDPR is the legal basis for the processing of personal data using technically required cookies.
3. Purpose of data processing
Technically required cookies are used for the purpose of making the site easier to use. Without the use of cookies, some features on our website cannot be offered. For these, the browser needs to be recognised also after switching to another site.
We require cookies for the following applications:
Storing language and currency settings
Remembering search terms
User data collected through technically required cookies are not used to create user profiles.
The purpose of using analysis cookies is to help improve the quality and content of our website. Analysis cookies show us how the website is used and help us to continuously optimise our offers.
4. Period of Storage, possibility of objection and erasure
Cookies are stored on the user’s computer and transmitted from there to our site. As a user, you thus have full control over the use of cookies. By changing the settings in your browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be erased at any time. This can also be done automatically. Deactivating cookies for our website may result in not being able to make full use of all the features on our website anymore. Moreover, this can lead to restrictions in the usability of our website. To opt out of third-party providers’ interest-based advertising, simply check the box that corresponds to the respective company on www.youronlinechoices.com.
6. Web analytics and tracking
By means of so-called ‘tracking tools’ used on the website, data are collected and stored for marketing and optimisation purposes. The user can object to future data collection and storage at any time.
1. Scope of personal data processing
On our website we use the following web analytics and tracking tools:
Google Analytics
Google Adwords
Webtrekk
New Relic
Hotjar
2. Legal basis for personal data processing
Point (f) of Article 6(1) GDPR is the legal basis for the processing of personal user data.
3. Purpose of data processing
The processing of personal user data allows us to analyse the browsing behaviour of our users. The evaluation of collected data enables us to gather information on the use of each individual component of our website. This helps us to continuously improve our website and make it easier to use. For this purpose, we have a legitimate interest in processing the data pursuant to point (f) of Article 6(1) GDPR. By anonymising the IP address, the users’ interest of personal data protection is sufficiently complied with. In detail, we use the web analytics and tracking tools as follows:
Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies. The information generated by the cookie concerning your use of the website is usually transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization on this website, Google will truncate your IP address for member states of the European Union as well as for other parties of the Agreement on the European Economic Area.
Only in exceptional cases is the full IP address sent to and shortened by a Google server in the United States. On behalf of Wimdu, Google will use this information to evaluate your use of our website, for compiling reports on website activity and providing other services relating to website activity and internet usage to Wimdu. The IP address, transmitted by your browser through Google Analytics, will not be merged with any other data stored by Google.
You can prevent Google’s collection of data generated by cookies relating to your use of the website (including your IP address) and the processing of these data by Google by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB..
Google AdWords
We also use the online advertising programme Google AdWords and conversion tracking, which is part of Google AdWords. Google Conversion Tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When you click on an advert displayed by Google, a cookie for conversion tracking is stored on your computer. These cookies expire after 30 days, do not contain any personal data and are therefore not used for personal identification.
If you visit certain pages of our website and the cookie has not yet expired, we and Google will be able to see that you clicked on the advert and were brought to this page. Every Google AdWords customer receives a different cookie. This ensures that cookies cannot be tracked on the websites of AdWords customers.
The information collected by means of the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. These statistics show the customer the total number of users who have clicked on their advert, and which of those customers were redirected to a page equipped with a conversion tracking tag. However, they do not contain any information that can be used to personally identify users.
Webtrekk
For the statistical evaluation of our websites, we use technology from Webtrekk GmbH, Boxhagener Str. 76-78, 10245 Berlin (www.webtrekk.de). We use Webtrekk services to collect data on the use of our website. This data is used to permanently improve and optimise our offers thus making them more interesting for you.
When using our website, information transmitted by your browser is collected and analysed. This is accomplished by cookie technology and the so-called pixels which are included on each web page. The following data is collected in this context: request (file name of the requested file), browser type/version, browser language, operating system used, internal resolution of the browser window, screen resolution, JavaScript enabling, Java on/off, cookies on/off, colour depth, referrer URL, IP address (collected anonymously and deleted immediately after use), time of access, clicks, anonymised form content (for example, if a phone number has been specified or not).
A direct personal reference is excluded at all times. The data thus collected is used to generate anonymous usage profiles, which form the basis for web statistics. The data collected using Webtrekk technology is not used to identify website visitors personally, without their specific consent, and is not merged with the personal data of the bearer of the pseudonym.
New Relic
We use the plugin New Relic, which enables us to statistically analyse the speed of the web page. This service is operated by New Relic, Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA (“New Relic”).
When a user visits a web page which contains such a plugin, their browser builds a direct connection to the servers of New Relic. Therefore, the provider has no influence on the scope of data collected by New Relic and informs the user according to its current information.
By integrating the plugin, New Relic receives the information that a user has accessed the corresponding page of the offer. If the user is logged in at New Relic, New Relic may assign their visit to their account at New Relic. If a user is not a member of New Relic, there is still the possibility that New Relic will detect and save their IP address.
The purpose and scope of data collection and the further processing and use of data by New Relic, as well as the corresponding rights and settings to protect the privacy of users, can be found in New Relic’s privacy policy under: https://newrelic.com/privacy.
Hotjar
We use the software Hotjar to improve user experience on our web pages. Hotjar helps us to measure and evaluate the user’s behaviour (mouse movements, clicks, scroll height, etc.) on our web pages. For this purpose, Hotjar uses cookies on the user’s devices and it can store user data such as browser information, operating system, time spent on the website, etc.
4. Period of storage
The data shall be erased as soon as they are no longer required for our tracking purposes.
5. Possibility of objection and erasure
Cookies are stored on the user’s computer and transmitted from there to our site. As a user you thus have full control over the use of cookies. By changing the settings in your browser you can deactivate or restrict cookie transmission. Cookies already stored can be erased at any time. This can also be done automatically. Deactivating cookies for our website may result in not being able to make full use of all the features on our website anymore.
Google Analytics:
You can prevent Google’s collection of data generated by cookies relating to your use of the website (including your IP address) and the processing of these data by Google by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB. Furthermore, you have the possibility to deactivate Google’s collection of website usage data. To do so, please click the following link. By providing confirmation via this link, an opt-out cookie is set on your data carrier. Please note that, when deleting all cookies on your computer, this opt-out cookie is also deleted. If you want to continue to object anonymised data collection by Google, you must set the opt-out cookie again. The opt-out cookie is set per browser and computer. If you visit our web pages from different devices or using different browsers, you must enable the opt-out cookie on each of the different browsers or computers.
Google Adwords:
If you do not want to participate in tracking, you can object to this usage by preventing the installation of cookies by selecting the appropriate setting in your browser software (deactivation option). By doing so, you will not be included in the conversion tracking statistics. For additional information and Google’s privacy policy, please visit http://www.google.com/policies/technologies/ads/, http://www.google.com/policies/privacy/.
Webtrekk:
The collection and storage of data by Webtrekk can be objected to at any time with future effect. To do so, please click the following link. By providing confirmation via this link, a so-called opt-out cookie is set on your data carrier. The validity period of this cookie is 5 years. Please note that, when deleting all cookies on your computer, this opt-out-cookie is also deleted. If you want to continue to object anonymised data collection by Webtrekk, you must set the opt-out cookie again. The opt-out cookie is set per browser and computer. If you visit our web pages from different devices or using different browsers, you must enable the opt-out cookie on each of the different browsers or computers.
New Relic:
If a user is a member of New Relic and does not want New Relic to collect data about them through this offer and associate them with their membership data saved at New Relic, the user must log out of New Relic before visiting the website.
Hotjar:
For more information about data processing by Hotjar, please click here: https://www.hotjar.com/privacy.
7. Re-targeting
1. Scope of personal data processing
Our website uses so called re-targeting technology. We use the following technologies:
Goolge Analytics
Criteo GmbH
Web beacons/pixels
2. Legal basis for personal data processing
Point (f) of Article 6(1) GDPR is the legal basis for the processing of personal user data.
3. Purpose of data processing
We use these technologies to make our internet offers more appealing to you. This technology allows us to address internet users who are already interested in our offers via advertising on the websites of our partners. For this purpose, we have a legitimate interest in processing the data pursuant to point (f) of Article 6(1) GDPR. The anonymisation of the IP address sufficiently takes into account the interest of users in their protection of personal data. In detail, we use the technologies as follows:
Criteo GmbH
We use tracking technology from Criteo GmbH on our website. This technology allows us to address internet users who have visited our website via targeted product recommendations in the form of advertising banners on the websites of our partners. Such advertising banners are displayed on our partners’ sites based on cookies and an analysis of your previous user behaviour. This analysis is conducted anonymously; no usage profiles are merged with your real name.
Web beacons/pixels
We may also use pixels. A pixel is a tiny graphic that is only one pixel in size and is sent to your computer either via a web page request or in an HTML email format. These pixels are used either directly or by third parties as a part of online advertising on our website or third-party websites. This enables us to learn whether a customer viewing the advertisement actually makes a booking. In addition, this makes it possible to track conversion through partner websites and to analyse the traffic patterns of users on the website in order to optimise our offers for you.
4. Period of storage
The data shall be erased as soon as they are no longer required for our tracking purposes.
5. Possibility of objection and erasure
By changing the settings in your internet browser you can deactivate or restrict cookie transmission. This can also be done automatically. Deactivating cookies for our website may result in not being able to make full use of all the features on our website anymore.
Criteo GmbH
You may object to the collection of data by Criteo GmbH at any time under the following link: https://criteo.com/privacy.
8. Social plugins (Facebook Connect
1. Scope of personal data processing
Facebook Connect is a service provided by Facebook, Inc. The use of Facebook Connect is subject to the privacy policy and terms of use of Facebook.
When using Facebook Connect, data available to the public and data from your Facebook profile published on Facebook is transmitted to our website. Conversely, data from our website or the Wimdu app can also be transmitted to your Facebook profile.
2. Legal basis for the processing of personal data
Point (a) of Article 6(1) GDPR is the legal basis for the processing of personal user data.
3. Purpose of data processing
Your transmitted data is stored and processed by Wimdu for the purpose of registration on our platform. By registering on our platform via Facebook Connect, you agree to the transfer of data from your Facebook profile to Wimdu, and the transfer of data from Wimdu to Facebook.
4. Period of storage
The data shall be erased as soon as they are no longer required for our tracking purposes. The data are thus stored for as long as the user needs the data for registration / login.
5. Possibility of objection and erasure
The user can terminate the user account at any time.
9. Contact form
1. Description and scope of data processing
You can contact Wimdu directly using the contact form provided in the imprint. If a user makes use of this option, the data entered into the input mask will be transferred to us and stored by us. This relates to the following data:
Email address
Phone number, if required
Offer number, if required
Entered text/request
Added attachments
At the time the message is sent, the following data are also stored:
IP address of the user
Date and time of registration
For the processing of data, your consent will be obtained during the sending process and reference is made to this privacy policy.
Alternatively, you can also contact us under the following email address: contact@wimdu.com. In this case, the personal user data transferred through the email are stored.
In this context, no data is disclosed to third parties. The data will be used strictly for the purpose of processing the conversation.
2. Legal basis for data processing
Point (a) of Article 6(1) GDPR is the legal basis for the processing of data, provided that the user has given consent.
Point (f) of Article 6(1) GDPR is the legal basis for the processing of data transferred when sending an email. If the email contact is aimed at concluding a contract, point (b) of Article 6(1) GDPR is an additional legal basis for the processing.
3. Purpose of data processing
Wimdu collects, processes and uses information provided by you via the contact form only for the purpose of processing your request. If contact was established via email, a legitimate interest to process data is given for this purpose.
Other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Period of storage
The data shall be erased as soon as they are no longer required to achieve the purpose of their collection. For personal data from the input mask of the contact form and for personal data transferred via email this is the case as soon as the respective conversation with the user is finished. The conversation is finished when it can be inferred from the circumstances that the issue concerned was resolved.
The personal data additionally collected during the sending process shall be erased after a period of 60 days at the latest.
5. Possibility of objection and erasure
The user can at any time revoke their consent to the processing of personal data. If a user contacts us via email, they can at any time object to the storage of their personal data. In this case, the conversation cannot be continued.
The user may revoke their consent to the processing of personal data and object to the storage of personal data at any time with effect for the future free of charge under datenschutz@wimdu.com or by written notice to Wimdu GmbH, attn. Data Protection Officer, Voltastraße 5, 13355 Berlin.
All personal data stored in connection with contacting shall be erased in this case.
10. Newsletter
1. Description and scope of data processing
It is possible to subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transferred to us.
In connection with the processing of data for sending newsletters, no data is disclosed to third parties. The data will be used strictly for the purpose of sending the newsletter.
2. Legal basis for data processing
Point (a) of Article 6(1) GDPR is the legal basis for the processing of data after the user has registered for the newsletter, provided that the user has given consent.
3. Purpose of data processing
Wimdu uses the email address used to create your user account to send you information about general promotions and offers from Wimdu via email, provided that you have agreed to receive the newsletter. Wimdu may personalise the newsletter content in a way that it contains information Wimdu considers to be of particular interest to you. For such a personalisation of information, Wimdu considers your booking history, i.e. past bookings and offers previously viewed on the website.
4. Period of storage
The data shall be erased as soon as they are no longer required to achieve the purpose of their collection. The user’s email address will be stored for as long as the subscription to the newsletter is active.
5. Possibility of objection and erasure
You can manage your settings for the Wimdu newsletter within your user account. You can also opt-out of receiving the newsletter in your user account or by using the contact form. Additionally, a link to unsubscribe is included in every newsletter.
11. Rights of the data subject
If personal data relating to you are processed, you are referred to as data subject as laid down in the GDPR and you shall be entitled to the following rights against the controller:
1. Right of access
You have the right to free information about your saved personal data.
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us.
If that is the case, you can request access to the following information from the controller:
the purposes for which the personal data are processed;
the categories of personal data concerned;
the recipients or categories of recipients to whom personal data concerning you have been or will be disclosed;
the envisaged period for which personal data concerning you will be stored, or, if no concrete data are available, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data concerning you, a right to the restriction of processing of personal data by the controller or a right to object to such processing;
the right to lodge a complaint with a supervisory authority;
any available information regarding the source of the data, where the personal data are not collected from the data subject;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
2. Right to rectification
We take reasonable steps to ensure that saved personal data are accurate. It is your responsibility to ensure that the information transferred to us is accurate, complete and free from errors, and to inform us in due time of any changes to the information provided.
You have the right to obtain from the controller the rectification and/or completion of inaccurate or incomplete personal data concerning you. Rectification shall be effected by the controller without undue delay.
3. Right to restriction of processing
You have the right to obtain restriction of processing personal data concerning you under the following conditions:
if you contest the accuracy of personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
If the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims, or
if you objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.
Where the processing of personal data concerning you have been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the processing was restricted pursuant to the above mentioned conditions, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
Under certain conditions you can request the erasure of personal data saved by us. This does not include data which need to be stored by Wimdu for reasons of public interest.
a) Obligation to erase
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase such data without undue delay where one of the following grounds applies:
The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
You withdraw consent on which the processing was based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and there is no other legal ground for the processing.
You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
The personal data concerning you have been unlawfully processed.
It is necessary to erase the personal data concerning you for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
b) Information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure shall not apply to the extent that processing is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
for the establishment, exercise or defence of legal claims.
5. Right to information
If you exercised the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about those recipients.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Revocation of consent
You may revoke your consent to the collection, processing and use of data at any time with effect for the future free of charge under datenschutz@wimdu.com or via written notice to Wimdu GmbH, attn. Data Protection Officer, Voltastraße 5, 13355 Berlin. The lawfulness of processing based on consent before its withdrawal shall not be affected by the withdrawal of consent.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
is necessary for entering into, or the performance of, a contract between yourself and a data controller;
is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
is based on your explicit consent.
However, such decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to yourself infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
For further questions on our privacy policy and the processing of personal data, please contact us under datenschutz@wimdu.com. You may also reach us using the contact details provided in the imprint.
D