Data protection
Privacy Policy
The protection of your personal data and the preservation of your privacy are very important to us. Because privacy is very important to us we treat all information about you as confidential!
As the responsible provider, KinderDent GmbH, collects, processes and uses personal data that you leave when you visit our website or communicate to us by other means only in accordance with the relevant data protection provisions, in particular the Federal Data Protection Act (BDSG), the Telecommunications Act (TKG), the Telemedia Act (TMG) and the General Data Protection Regulation (GDPR).
We therefore inform you here about the nature, scope and purpose of the collection and use of personal data.
This privacy policy only applies to the websites operated by us and to our catalogue, flyers and other information material as well as shipping via these and does not refer to any offers of third parties, which we refer to in the form of links.
I. Definitions
“Personal data” means any information relating to an identified or identifiable natural person; a natural person is regarded as identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical , physiological, genetic, mental, economic, cultural or social identity of this natural person;
According to recital 14 on the material scope of the GDPR (Art. 2 GDPR), the protection afforded by this regulation applies to the processing of personal data of individuals regardless of their nationality or place of residence. This regulation does not apply to the processing of personal data of legal persons and in particular companies established as legal persons, including data such as the name, legal form or contact details of the legal person.
“Processing” means any operation or series of operations related to personal data, such as collection, gathering, organisation, ordering, storage, adaptation or modification, read-out, queries, performed with or without the aid of automated procedures, use, disclosure through submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and is subject to technical and organisational measures to ensure that the personal data cannot be assigned to an identified or identifiable natural person.
“Profiling” means any kind of automated processing of personal data which consists in using that personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health, or to analyse or predict personal preferences, interests, reliability, behaviour, location or change of location of that natural person.
“Controller” means the natural or legal person, public authority, body or entity that decides, alone or in concert with others, on the purposes and means of processing personal data.
“Commissioned processor” means a natural or legal person, public authority, body or entity that processes personal data on behalf of the controller.
II. Name and address of the controller
The responsible controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
KinderDent GmbH
Gutenbergstraße 7
28844 Weyhe
Germany
District Court Walsrode: HRB 111 849
Seat: Weyhe
Phone: +49 (0) 42 03 - 43 33 2
Telefax: +49 (0) 42 03 - 43 38 4
E-mail: order(at)kinderdent.com
Website: www.kinderdent.com
III. General information about data processing
1. Scope and purpose of the processing of personal data
In principle, we process personal data only insofar as this is necessary for the provision of a functional website and our content and services and/or for the fulfilment or initiation of the contracts concluded with us.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, the legal basis is Art. 6 (1) (a) of the General Data Protection Regulation (GDPR).
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, the legal basis is Art. 6 (1) (b) GDPR. This also applies to processing operations required to carry out pre-contractual measures.
Insofar as processing of personal data is required to fulfil a legal obligation to which our company is subject, the legal basis is Art. 6 (1) (c) GDPR.
In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis of the processing is Art. 6 (1) (d) GDPR.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the former interests, the legal basis for processing is Art. 6 (1) (f) GDPR.
3. Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage not longer applies, unless statutory retention requirements (e.g. commercial and/or fiscal retention obligations) are opposed to deletion. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfilment of a contract.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
We or our webspace provider, Mittwald CM Service GmbH & Co. KG, collect data about any access to our website (so-called server log files). You can use our website without directly providing information about yourself. With each access to our website, data is automatically transmitted through the respective internet browser and stored in server log files. The following data is collected here:
(1) IP address, (2) Date and time of retrieval, (3) Pages accessed, (4) Amount of data transmitted, (5) Protocols, (6) Status code, (7) Referrer URL (the website previously visited by the user), (8) User agent, (9) Queried host name.
The data is stored in anonymous logs on the server. This also applies to IP addresses. Storage of this data together with other personal data of the user does not take place.
An attempt to assign the respective IP address to its owner is expressly not made.
2. Legal basis for data processing
The legal basis for the temporary storage of data is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
The storage of the IP address is necessary to enable delivery of the website to the computer of the user. The IP address of the user must be stored for this purpose. This allows us to display the customer’s shopping cart on their next visit, provided that they use the same IP.
The storage of the IP in log files is done to ensure the functionality of the website. In addition, the data is used to ensure the security of our information technology systems.
An evaluation of the data for marketing purposes does not take place in this context.
We have a legitimate interest in the processing of data pursuant to Art. 6 (1) (f) GDPR for these purposes.
4. Duration of storage
The IP address will be deleted from our website as soon as the purchase process is completed in the shop.
In the event of storage of the data in log files on the server of our provider, it will be deleted after 60 days. Error logs that log pageview errors are deleted after seven days. In addition to the error messages, these logs include the accessing IP address and, depending on the error, the website accessed.
5. Possibility for objection and correction
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility on the part of the user to object to its collection.
V. Use of cookies
1. Description and scope of data processing
Our website uses cookies in several places. Cookies are text files that are stored in the internet browser or by internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string (alphanumeric IDs), which allows a clear identification of the browser when the website is visited again (recognition of the visitor when visiting the website again).
We use cookies to make our website more user-friendly. Some elements of our website require that the retrieving browser be identified even after a page break.
In addition to our own cookies, additional cookies may be set for the Google Universal Analytics feature. Please note the information under XI.
The transmission of data to Google Universal Analytics is done via an API with anonymous data.
The cookies we use do not collect or store personal data, only pseudonymous data. If the cookie is activated, it will be assigned an identification number and no assignment of your personal data to this identification number will be made. Your name, IP address or similar data that would allow the cookie to be associated with you will not be included in the cookie. Based on the cookie technology, we only receive pseudonymous information, for example, which pages of our shop were visited, which products were viewed, etc.
You can set your browser so that you are informed in advance about the setting of cookies and can decide on a case-by-case basis whether you exclude the acceptance of cookies for specific cases or in general, or completely prevent setting of cookies. This may limit the functionality of the website.
When visiting our website, users will be informed by an info banner about the use of cookies and referred to this privacy policy.
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
The purpose of using technically necessary cookies is to allow the use of websites by users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page break.
The user data collected through technically necessary cookies will not be used to create user profiles.
4. Duration of storage and possibility of objection and deletion
Cookies are stored on the computer of the user and transmitted by it to our website. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.
VI. Order, download and shipping of our catalogue
1. Description and scope of data processing
You can download our catalogue as a PDF file from our website or order it by telephone.
If a user downloads the catalogue as PDF, the IP address is transferred to the server of our web space provider for the technical delivery of the PDF.
When a user orders the catalogue by phone, the user’s personal data submitted by the user is stored.
We also send our catalogue to customers and potential customers. For the direct dispatch of our catalogue, supplemented by possible flyers and or further information material on our current products, we use the addresses of customers who have already been recorded with their data by us. These usually result from at least once transacted orders and thus communication of the address data by the customer himself. These address data are available as long as the storage period specified under point 4. requires. In addition, we process purchased addresses from the fields of dentistry, orthodontics, oral and maxillofacial surgery and oral surgery.
To send the catalogue, we use the necessary data, in particular company/practice/organisation, first name, name, title, postal address.
The sending of the catalogue and possibly further advertising material is usually done as part of commissioned processing on our behalf by a service provider company based in Germany.
2. Legal basis for data processing
The legal basis for the processing of the data when ordering the catalogue with the consent of the user is Art. 6 (1) (a) GDPR.
A further legal basis is Art. 6 (1) (b) GDPR.
A further legal basis is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
The purpose of the catalogue dispatch and the related collection of data is to inform existing customers continuously and comprehensively and to draw the attention of potential new customers to our products. In this way we will send you information about our specialist offers.
In these purposes are also our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f DSGVO, which also enables us to optimise the KinderDent product range for you.
4. Duration of storage
The data is deleted as soon as it is no longer necessary for the achievement of the purpose of its collection, unless statutory retention requirements (e.g. commercial and/or fiscal retention obligations) preclude deletion.
5. Possibility for objection and correction
You have a right to object at any time in accordance with Art. 21 (2) GDPR, to which we expressly refer.
Pursuant to this regulation, you can stop the use of your data for the catalogue shipping at any time (Art. 21 (3) GDPR).
We will then no longer provide you with a catalogue.
You may also revoke any consent to the storage of personal data collected for the purpose of catalogue delivery at any time.
VII. Registration
1. Description and scope of data processing
On our website, we offer users the opportunity to register by providing personal information. The data is entered into an input mask and transmitted to us and stored. The following data is collected during the registration process:
(1) Salutation (2) Title, optional (3) First name, optional (4) Last name (5) E-mail address (6) Industry, optional (7) Password
At the time of registration, the following data is also stored:
(1) Language of user account entry (2) Date and time of registration (3) Time of last login
As part of the registration process, the consent of the user to process this data is obtained.
You will then receive an e-mail with a link to complete the registration (“Double-Opt-In”).
2. Legal basis for data processing
The legal basis for the processing of the data with the consent of the user is Art. 6 (1) (a) GDPR.
If the registration serves the fulfilment of a contract of which the user is a party or the implementation of pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
A further legal basis is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
Registration of the user is necessary to fulfil a contract with the user or to carry out pre-contractual measures.
On our website, we offer users the option to conclude purchase contracts for the products we offer.
The data collected is necessary for the initiation, the conclusion of the contract and the transaction within the scope of the execution of orders, deliveries and billing.
The necessary personal data is collected and processed in accordance with the provisions of the BDSG and the GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer necessary for the achievement of the purpose of its collection, unless statutory retention requirements (e.g. commercial and/or fiscal retention obligations) preclude deletion.
5. Possibility for objection and correction
As a user, you have the option of cancelling the registration at any time. You can change the data stored about you at any time.
Deletion of the user account and a change of data are possible as follows:
Please contact us by e-mail, letter or fax at:
KinderDent GmbH
Gutenbergstraße 7
28844 Weyhe
Germany
Fax: +49 (0) 42 03 - 43 38 4
E-mail: order(at)kinderdent.com
If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is possible only if contractual or legal obligations do not preclude deletion.
VIII. E-commerce (ordering via our website)
1. Description and scope of processing of personal data
On our website, we offer users a platform for the conclusion of purchase contracts for the products we offer on the website. In the framework of the contract initiation and the conclusion of the contract and/or the ordering process, the personal data required for this purpose is collected, in part in addition to the registration data of the contracting party. This data is:
(1) Invoice address with salutation, title (optional), first name, last name, additional address (optional), contact person (optional), street, house number, postal code, city, country, telephone number, fax number (optional) (2) Different shipping address is applicable with salutation, title (optional), first name, last name, additional address (optional), contact person (optional), street, house number, postal code, city, country, telephone number, fax number (optional) (3) VAT ID, if applicable (4) Payment method
At the time of sending an order, the following data is also stored:
(1) Date of order (2) Content of the shopping cart or the ordered products and their number
2. Legal basis for data processing
The legal basis for the processing of the data with granted consent is Art. 6 (1) (a) GDPR.
The legal basis for processing the data is Art. 6 (1) (b) GDPR.
Further legal basis for the processing of the data is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
The data collected is necessary for the initiation, the conclusion of the contract and the transaction within the scope of the execution of orders, deliveries and billing.
4. Duration of storage
The data is deleted as soon as it is no longer necessary for the achievement of the purpose of its collection, unless statutory retention requirements (e.g. commercial and/or fiscal retention obligations) preclude deletion.
5. Possibility for objection and correction
As a user, you always have the option to change or delete the data stored about you.
Change or deletion of data is possible as follows:
Please contact us by e-mail, letter or fax at:
KinderDent GmbH
Gutenbergstraße 7
28844 Weyhe
Germany
Fax: +49 (0) 42 03 - 43 38 4
E-mail: order(at)kinderdent.com
If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is possible only if contractual or legal obligations do not preclude deletion.
IX. Orders via the catalogue
1. Description and scope of processing of personal data
Through our catalogue, we offer you the opportunity to order the products offered by us in the catalogue. Our catalogue contains order forms for this purpose.
As part of the ordering process, the required personal data of the contracting party is collected by us by e-mail, by telephone, by fax or using our order forms. This data can be:
(1) Practice (2) Title (3) Last name, first name (4) Street and number (5) Postal code and city (6) Telephone and fax number (7) E-mail (8) Customer number, if applicable
2. Legal basis for data processing
The legal basis for processing the data is Art. 6 (1) (b) GDPR.
A further legal basis is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
The data collected is required for the initiation, the conclusion of the contract and the transaction as well as the design or modification of the legal relationship, in particular for the execution of orders, deliveries and invoices.
Our legitimate interest in the processing of data pursuant to Art. 6 (1) (f) GDPR also lies therein.
4. Duration of storage
The data is deleted as soon as it is no longer necessary for the achievement of the purpose of its collection, unless statutory retention requirements (e.g. commercial and/or fiscal retention obligations) preclude deletion.
5. Possibility for objection and correction
As a user, you always have the option to change or delete the data stored about you.
Change or deletion of data is possible as follows:
Please contact us by e-mail, letter or fax at:
KinderDent GmbH
Gutenbergstraße 7
28844 Weyhe
Germany
Fax: +49 (0) 42 03 - 43 38 4
E-mail: order(at)kinderdent.com
If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is possible only if contractual or legal obligations do not preclude deletion.
X. Contact form and e-mail contact
1. Description and scope of data processing
A contact form is provide on our website, which can be used for electronic contact. If a user uses this option, the data entered in the input mask will be transmitted to us and saved. This data is:
(1) Gender (male/female), optional (2) Title, optional (3) Last name (4) First name (5) Street, optional (6) House number, optional (7) Postal code, optional (8) City, optional (9) Country, optional (10) E-mail address (11) Subject (12) Message
Alternatively, contact via the provided e-mail address is possible. In this case, the user’s personal data transmitted by e-mail will be stored.
The data is used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of the data with the consent of the user is Art. 6 (1) (a) GDPR.
If the e-mail contact aims to conclude a contract, then the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
The processing of the personal data from the input mask or e-mail serves us only for the purpose of processing the contact. Our legitimate interest in the processing of data pursuant to Art. 6 (1) (f) GDPR also lies therein.
4. Duration of storage
The data is deleted as soon as it is no longer necessary for the achievement of the purpose of its collection, unless statutory retention requirements (e.g. commercial and/or fiscal retention obligations) preclude deletion.
5. Possibility for objection and correction
The user has the possibility at any time to revoke their consent to the processing of the personal data. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. In such a case, the conversation cannot continue.
Users may declare the revocation of their consent to the processing of the personal data and/or object to the storage of the personal data as follows:
Please direct your inquiries and notes as well as all other questions about data protection to us via the e-mail address order@kinderdent.com or write us at the address: KinderDent GmbH, Gutenbergstraße 7, 28844 Weyhe.
XI. Use of Google Universal Analytics
1. Description and scope of data processing
Our website uses Google Universal Analytics, a web analytics service provided by Google Inc. (“Google”).
Google Universal Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of your use of the website.
The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Your IP address will be shortened by Google within member states of the European Union or other parties to the Agreement on the European Economic Area prior to storage and thus anonymised.
The IP address provided to Google Analytics by your browser within the framework of Google Analytics will not be merged with other Google data to the best of our knowledge.
2. Legal basis for the processing of personal data
The legal basis for processing the user's personal data is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
We have a legitimate interest in the processing of data pursuant to Art. 6 (1) (f) GDPR for these purposes.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Deletion by Google Universal Analytics takes place in our case after 14 months.
5. Possibility for objection and correction
You can prevent the collection of data via Google by installing the cookie provided by Google in your browser or by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. If you use several devices and browsers to access our website, you must save/install it in each browser.
XII. Transfer of personal data to third parties, e.g. suppliers
1. Description, scope and purpose of data processing
In principle, we only use your personal data within our company. But to initiate and carry out contracts, it is necessary to provide the required data to our service partners for order processing (e.g. logistics service providers/fulfiller, shipping companies, call centres). If and insofar as we engage third parties in carrying out contracts, this personal data is only provided to the extent that the transmission is required for the corresponding service. In the event that we outsource certain parts of the data processing (e.g. commissioned processing), we contractually obligate the other party to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the data subject's rights.
2. Legal basis for the processing of personal data
The legal basis for processing the user's personal data is Art. 6 (1) (b) GDPR.
A further legal basis for processing the user's personal data is Art. 6 (1) (f) GDPR.
3. Duration of storage
The data is deleted as soon as it is no longer necessary for the achievement of the purpose of its collection, unless statutory retention requirements (e.g. commercial and/or fiscal retention obligations) preclude deletion.
XIII. Disclosure of personal data in the event of complaints
1. Description and scope of data processing
In the case of a justified complaint or the taking back of goods out of goodwill, it is usually necessary, in order to safeguard our rights with respect to our suppliers and/or the manufacturers, to transfer your personal data (in particular name, address, e-mail address, telephone number, invoice number, order number and/or customer number) to the direct suppliers or subcontractors and/or the manufacturer for identifying the specific goods and processing the complaint.
2. Legal basis for the processing of personal data
In the event of consent given by the user, the legal basis for processing is Art. 6 (1) (a) GDPR.
The legal basis for processing the data is also Article 6 (1) (b) GDPR.
A further legal basis is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
Disclosure of the data may be required in individual cases to safeguard our rights vis-à-vis our direct suppliers or subcontractors or the manufacturers.
Our legitimate interest in the processing of data pursuant to Art. 6 (1) (f) GDPR also lies therein.
4. Duration of storage
Insofar as no explicit storage period is specified during the collection (e.g. as part of a declaration of consent), your personal data will be deleted insofar as it is no longer required to fulfil the purpose for which it was stored, unless statutory retention requirements (e.g. commercial and/or fiscal retention requirements ) are opposed to deletion.
5. Possibility for objection and correction
You may revoke any consent given to us at any time (e.g. via order@kinderdent.com or by writing to us at this address: KinderDent GmbH, Gutenbergstraße 7, 28844 Weyhe.
XIV. Integration of services or content of third parties
It may happen that contents or services of third-party providers, such as videos from other websites, are integrated within our website. The integration of content from third-party providers always requires that the third-party providers perceive the IP address of the users, since they could not send the content to the users’ browser without the IP address. The IP address is therefore required for the presentation of this content. Furthermore, providers of third-party content can set their own cookies and process users’ data for their own purposes. In the process, user profiles can be created from the processed data. We will use this content as much as possible in a data-minimising and data-avoiding manner and will select reliable third-party providers with regard to data security. We strive to use only those contents whose respective providers use the IP address only for the delivery of the content. However, we have no influence on whether a third party provider stores the IP address e.g. for statistical purposes or collects additional data of the user. We will inform users about this to the best of our knowledge.
Below we list the third-party providers as well as their content, along with links to their privacy policies, which contain further information on the processing of data and, in some cases already mentioned here, offer possibilities to object to the data processing (so-called opt-out):
- Videos from the third-party platform “YouTube” Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Privacy policy: https://www.google.com/policies/privacy/,
Opt-Out: https://www.google.com/settings/ads/.
XV. Rights of data subjects
If your personal data is processed, you are a data subject pursuant to GDPR and you have the following rights vis-a-vis the controller:
1. Right to information
You may required the controller to confirm if personal data concerning you is processed.
If such processing occurs, you can request information from the data controller about the following:
(1) The purposes for which the personal data is processed; (2) The categories of personal data being processed; (3) The recipients or categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed; (4) The planned duration of the storage of your personal data or, if specific information is not available, the criteria for determining the duration of storage; (5) The existence of a right to correction or deletion of personal data concerning you, a right to restriction of processing by the controller, and a right to object to such processing; (6) The existence of a right of appeal to a supervisory authority; (7) All available information on the source of the data if the personal data is not collected from the data subject; (8) The existence of automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal data is transferred to a third country or an international organisation. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.
2. Right to correction
You have a right to correction and/or completion vis-a-vis the controller, if the personal data processed about you is incorrect or incomplete. The controller must make the correction without delay.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) If you contest the accuracy of your personal data for a period of time that enables the controller to verify the accuracy of your personal data; (2) The processing is unlawful and you decline the deletion of the personal data and instead demand the restriction of the use of the personal data; (3) The controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or (4) You have objected to processing in accordance with Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest to the Union or a Member State.
If the restriction on processing has been implemented in accordance with the above conditions, the controller must inform you before the restriction is lifted.
4. Right to deletion
a) Obligation to delete
You may require the controller to delete your personal data without delay, and the controller is required to delete that information immediately if one of the following applies:
(1) Personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You revoke your consent on the basis of which the processing was carried out pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for processing.
(3) Pursuant to Art. 21 (1) GDPR, you object to the processing and there are no prevailing justifiable reasons for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of personal data concerning you is required to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is obligated to delete it pursuant to Art. 17 (1) GDPR, the controller shall take appropriate measures, including technical measures, under consideration of the available technology and appropriate costs, to inform other controllers who process the personal data that you as a data subject, have requested deletion of all links to or copies or replications of such personal data.
c) Exceptions
The right to deletion does not exist if the processing is necessary:
(1) To exercise the right to freedom of expression and information; (2) For reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR; (3) For archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or (4) To assert, pursue or defend legal claims.
5. Right to information
If you have the right to correction, deletion or restriction of processing vis-a-vis the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have vis-a-vis the controller to be informed about these recipients.
6. Right to data portability
You have the right to receive personally identifiable data you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance by the controller to whom you provided the data, insofar as:
(1) The processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or is based on a contract pursuant to Art. 6 (1) (b) GDPR and (2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to require that your personal data relating to you is transmitted directly from one controller to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or the exercise of official authority delegated to the controller.
7. Right to objection
You have the right at any time, for reasons that arise from your particular situation, to object to the processing of your personal data which takes place pursuant to Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller must no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
8. Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
9. Automated decision-making on an individual basis including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you. This does not apply if the decision
(1) Is required for the conclusion or performance of a contract between you and the controller; (2) Is permitted by Union or Member State legislation to which the controller is subject; and such legislation provides for reasonable safeguards of your rights and freedoms and your legitimate interests, or (3) Is done with your express consent.
However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and reasonable measures have been taken to protect your rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller must take appropriate measures to uphold the data subject’s rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person at the controller, the right to express their own position and the right to challenge the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.
The supervisory authority to which the complaint has been submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
11. Contact
Please direct your inquiries and notes as well as all other questions and statements about data protection to us via the e-mail address order@kinderdent.com, or write us at the address: KinderDent GmbH, Gutenbergstraße 7, 28844 Weyhe, or send us a fax.
XVI. General data security on the internet
Please note that data transmission in the internet (e.g. unencrypted http connection, communication via unencrypted e-mail) can generally have security gaps and may not be protected against viewing by third parties; therefore, complete data security and and the constant secure protection of your personal data cannot be guaranteed.
Privacy policy of KinderDent GmbH, May 2018