Privacy Policy (english)

As of: February 2022

(please find the original German version of this privacy policy at https://www.libreoffice.org/privacy)

I.I Name and address of the controller

The controller for the purpose of the EU GDPR (General Data Protection Regulation) and other national data protection laws of the Member States, as well as other data protection regulations, is:

The Document Foundation (TDF)

gemeinnützige, rechtsfähige Stiftung des Bürgerlichen Rechts

Winterfeldtstraße 52
10781 Berlin

Deutschland

Tel.: +49 30 55579920

Email: info@documentfoundation.org

Website: https://www.documentfoundation.org

I.II General information about data processing

1.2.1 Extent of the processing of personal data

We collect and use personal information from our users only to the extent necessary to provide a functional website, content and services. The collection and use of personal data from our users takes place only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for factual reasons, and processing the data is permitted by law.

1.2.2 Legal basis for the processing of personal data

When we obtain the consent of the data subject for processing personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data necessary for completing a contract, in which the data subject is a party, Art. 6 para. 1 lit. b of the GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions.

When the processing of personal data is required to fulfil a legal obligation to which our foundation is subjected, Art. 6 para. 1 lit. c of the GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d of the GDPR serves as the legal basis.

If processing is necessary to safeguard the factual interests of our foundation or a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh those interests, Art. 6 para. 1 lit. f of the GDPR serves as the legal basis for processing.

1.2.3 Deletion of data and storage duration

The personal data of the data subject will be deleted or blocked as soon as the reason for storage expires. In addition, data storage may occur when required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Restriction or deletion of data also occurs when a storage period prescribed by the aforementioned standards expires, unless there is a need for longer storage of the data, for entering or fulfilment of a contract.

I.III Accessing the website and creation of log files

1.3.1 Description and extent of data processing

Each time our website is accessed, our system automatically collects data and information from the requesting computer. The following data is collected:

  1. Information about the user's web browser and its version;

  2. The user's operating system;

  3. The user's IP address;

  4. The date and time of access;

  5. Websites from which the user's system reaches our website;

  6. Websites that are accessed by the user's system through our website.

The data is also stored in our systems' log files. Storage of this data together with other personal data of the user does not occur.

1.3.2 Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f of the GDPR.

1.3.3 Reason for data processing

Temporary storage of the IP address by the system is necessary to deliver the website to the user's computer. To do this, the user's IP address must be stored for the duration of the session.

Storage in log files occurs to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. Analysis of the data for marketing purposes does not take place in this context.

For these purposes, our factual interest in the processing of data is according to Art. 6 para. 1 lit. f of the GDPR.

1.3.4 Duration of storage

The data will be deleted as soon as it is not needed to achieve the purposes for which it was collected. In the case of data collection used to providing the website, this takes place when the respective session is completed.

For data storage in log files, this takes place after fourteen days at the latest. Longer storage is possible. In this case, the IP addresses of the users are deleted or obfuscated, so that linking the data to the requesting client is no longer possible.

1.3.5 Option to object and remove data

The collection of data for accessing the website and the storage of the data in log files is essential for the operation of the website. There is consequently no option for users to opt-out of this data collection.

I.IV Usage of cookies

1.4.1. Description and extent of data processing

Our website uses cookies. Cookies are text files that are stored in or by the web browser on the user's computer systems. When a user visits a website, a cookie may be stored in the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is revisited.

We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can be identified even across multiple sessions. Only a random ID is stored in the cookie and transmitted.

In addition, some services offered through our web servers use cookies to store custom settings across sessions. These are in particular: Jitsi (the specified user name is stored), OpenGrok (search preferences), WordPress (user name, URL and email address) and EtherPad (user name and text colour assigned to it). It is not necessary to provide a username in order to use these services.

When accessing our website, users are informed by a banner about the use of cookies for analysis purposes, and users are referred to this privacy policy. In this context, there is also information of how browser settings can be changed to prevent the storage of cookies.

1.4.2 Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f of the GDPR.

1.4.3 Reason for data processing

The reason for using cookies is to simplify the use of the websites. Some features of our website cannot be provided without the use of cookies. For these, it is necessary that the browser can be recognized across multiple sessions.

We require cookies for the following:

  1. To keep logins active.

  2. To preserve individual settings such as user names or search preferences.

The user data collected via those technically necessary cookies will not be used to create user profiles.

For these purposes, our factual interest in the processing of personal data is pursuant to Art. 6 para. 1 lit. f of the GDPR.

1.4.4 Duration of storage, and option to object and remove data

Cookies are stored on the users's computer and transmitted by the computer to our website. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your web browser, you can disable or restrict the transmission of cookies. Cookies that have been saved already can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may though not be possible to use all the features of our website in full.

I.V Notifications and mailing lists

1.5.1 Description and extent of data processing

Our website provides the opportunity to subscribe to free notification services or mailing lists. When a user signs up for the notification service or a mailing list, the data from the registration dialog or the email is sent to us, such as the email address being used. In addition, the following data is collected upon registration:

  1. IP address of the requesting computer

  2. Date and time of the registration confirmation

For processing the data, your consent is obtained during the registration process and a reference is made to this privacy policy.

Regarding data processing used to send notifications or emails from a mailing list, no transfer of the data to third parties takes place. The data will be used exclusively for sending notifications or emails from a mailing list.

1.5.2 Legal basis for data processing

The legal basis for processing data after registration by the user is the consent from the user, according to Art. 6 para. 1 lit. a of the GDPR.

1.5.3 Reason for data processing

The collection of the user's email address serves to deliver notifications or emails from the mailing list. The collection of the date and time of the registration confirmation serves as proof of registration (opt-in).

1.5.4 Duration of storage

The data will be deleted as soon as it is not needed to achieve the purposes for which it was collected. The date of the registration confirmation and the email address of the user will be stored for as long as the subscription to the notifications or mailing list is active. Other personal data collected during the registration process will normally be deleted after a period of five weeks.

1.5.5 Option to object and remove data

Subscriptions to notifications or mailing lists can be terminated by the affected user at any time. For this purpose, there is detailed information in every notification or email.

I.VI Registration

1.6.1 Description and extent of data processing

On our website, we offer users the opportunity to register by providing personal information (for example: Bugzilla, the wiki, WebSingleSignOn, Pootle, AskBot). The data is entered into a dialog box, and transmitted to us and stored. A transfer of data to third parties does not take place. The following data is collected as part of the registration process: a username, and an email address. Details like the name ("real name") or further personal information is always voluntary.

At the time of registration, the following data is also stored:

  1. The user's IP address

  2. The date and time when the registration took place

As part of the registration process, the user's consent to process this data is obtained.

1.6.2 Legal basis for data processing

The legal basis for processing the data is the consent of the user, according to Art. 6 para. 1 lit. a of the GDPR.

1.6.3 Reason for data processing

User registration is required for the provision of certain content and services on our website.

For specific notification of the user's changes;

To prevent abuse;

1.6.4 Duration of storage

The data will be deleted as soon as it is not needed to achieve the purposes for which it was collected.

This is the case for the data collected during the registration process when the registration on our website is canceled or modified.

1.6.5 Option to object and remove data

As a user, you have the option to cancel the registration at any time. You can change or modify the data stored about you at any time. You will find this information in the confirmation email for your application, as well as on the login page of the service. An email with relevant information to privacy@documentfoundation.org is also sufficient.


I.VII Email contact

1.7.1 Description and extent of data processing

On our website, it is possible to contact us via the provided email address. In this case, the user's personal data transmitted by email will be stored.

There is no disclosure of the data to third parties. The data is used exclusively to process the conversation.

1.7.2 Legal basis for data processing

The legal basis for processing the data is consent of the user, according to Art. 6 para. 1 lit. a of the GDPR.

The legal basis for processing the data that is transmitted when sending an email is Article 6 (1) lit. f of the GDPR. If the email contact aims to conclude a contract, then the additional legal basis for processing is Art. 6 para. 1 lit. b of the GDPR.

1.7.3 Reason for data processing

The processing of personal data of the contact via email serves only for processing the communication.

1.7.4 Duration of storage

The data will be deleted as soon as it is not needed to achieve the purposes for which it was collected. This is the case for personal data sent by email, if the respective email is no longer required. In addition, statutory storage requirements may apply.

1.7.5 Option to object and remove data

The user has the option – at any time – to revoke his consent to the processing of his personal data. If the user contacts us by email, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue. All you need to do is send an mail with relevant information to privacy@documentfoundation.org.

All personal data stored in the course of communication will be deleted in this case.

I.VIII Web analytics via Matomo

1.8.1 Extent of processing of personal data

On our website, we use the open-source software tool Matomo (formerly Piwik) to analyse the browsing behaviour of our users. This software creates a cookie on the computer of the users (for details about cookies, see above). When individual pages of our website are accessed, the following data is stored:

  1. Two bytes of the IP address of the user's system

  2. The website that is accessed

  3. The website which led the user to access our website (referrer)

  4. The subpages that accessed from the website that was accessed

  5. The session duration on the website (how long the user accesses it)

  6. How often the website is accessed

The software runs exclusively on our website's servers. Storage of personal data only takes place there. Transfer of the data to third parties does not take place.

The software is configured such that the IP addresses are not stored completely, but two bytes of the IP address are masked (eg 192.168.xxx.xxx). In this way, it is no longer possible to associate the shortened IP address with the requesting computer.

1.8.2 Legal basis for the processing of personal data

The legal basis for processing users' personal data is Article 6 (1) lit. f of the GDPR.

1.8.3 Reason for data processing

The processing of users' personal data enables us to analyse the browsing behaviour of our users. By analysing the obtained data, we are able to compile information about the use of individual parts of our website. This helps us to constantly improve our website and its user-friendliness. For these purposes, our factual interest lies in the processing of the data according to Art. 6 para. 1 lit. f of the GDPR. The anonymisation of the IP address takes into account the interests of users regarding protection of their personal data.

1.8.4 Duration of storage

The data will be deleted as soon as is is no longer required for our recording purposes. In our case, this takes place after 180 days.

1.8.5 Option to object and remove data

On the site https://www.documentfoundation.org/privacy, we offer our users the option to opt out of the analysis process. For this, you must follow the appropriate link. In this way, another cookie is set on your system, which tells our systems to not save the user's data. If the user deletes the corresponding cookie in the meantime from his own system, he must set the opt-out cookie again.

I.IX Payment service providers

1.9.1 Extent of processing of personal data

On our website, we offer the opportunity to make a donation to us. We use external payment service providers whose platforms allow users to make payment transactions to us - e.g. (in parenthesis the link to the privacy policy): Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_GB#Updated_PS), Stripe (https://stripe.com/privacy), CoinGate (https://coingate.com/privacy), BitPay (https://bitpay.com/about/privacy), Flattr (https://flattr.com/privacy), Visa (https://usa.visa.com/legal/privacy-policy.html), Mastercard (https://www.mastercard.us/en-us/about-mastercard/what-we-do/privacy.html). For these purposes, data is transmitted to the selected financial service provider. These are:

  1. the IP address of the user's system;

  2. the chosen amount and currency;

  3. the website from which the donator initiated the donation;

  4. whether the donation is a one-off, or recurring;

  5. (optionally) the email address of the donator.

1.9.2 Legal basis for the processing of personal data

The legal basis for the processing of the data is the consent of the user, according to Art. 6 para. 1 lit. a of the GDPR.

1.9.3 Reason for data processing

The processing serves to process a donation by an external financial service provider.

1.9.4 Duration of storage

The data will be deleted after it is sent to the financial service provider.

1.9.5 Option to object and remove data

Since the process is triggered by the user himself and the data associated with it is deleted immediately thereafter, there is no option to opt-out or delete on our part.

I.X Comments and Postings

In case a user leaves comments or other postings, the IP address may be stored for 7 days based on our factual interest in the processing of personal data is pursuant to Art. 6 para. 1 lit. f of the GDPR. Since we might be liable for illegal content (such as defamation, forbidden propaganda, etc) we want to be able to identify the author.

Furthermore we might use the data in order to detect spam, according to Art. 6 para. 1 lit. a of the GDPR.

The data provided in the context of the comment or posting is stored permanently until the user objects.

I.XI Crash Reports

1.11.1 Extent of processing of personal data

Each time LibreOffice crashes, a crash report is automatically generated. The user can choose to submit this crash report, as long as the feature for sending crash reports hasn’t been disabled.

The following data are included in the crash report (known as a „minidump“):

  • The version number of LibreOffice being used;

  • The modules and libraries that were loaded when LibreOffice crashed, with full installation path;

  • Stacktraces of threads, modules and libraries, and for earlier versions of LibreOffice (before 7.2) the environment variables at the time LibreOffice crashed;

  • No user-created documents are submitted in the crash report.

  • The operating system name and version number being used;

  • The manufacturer and model of the user's CPU, the graphics card (GPU) being used and its driver version, and whether certain GPU functions such as OpenGL or OpenCL are enabled;

  • The user interface (UI) language currently enabled;

  • Date and time of the crash.

  • The contents of the CPU registers, along with very small parts of the system memory at the time of the crash, are part of the crash report information. However, this data is not analyzed – only anonymized information is stored. The minidump is deleted immediately after processing.

1.11.2 Legal basis for the processing of personal data

The legal basis for the processing of the data is the consent of the user, according to Art. 6 para. 1 lit. a of the GDPR.

1.11.3 Reason for data processing

The crash reports are used to improve the quality of LibreOffice.

1.11.4 Duration of storage

The transmitted reports will be deleted immediately after they have been processed, only anonymized reports are stored permanently.

1.11.5 Option to object and remove data

The users is prompted each time prior to submitting a report. If no reports should be sent at all, the user can disable the feature in the options (LibreOffice | General → Send crash reports to The Document Foundation). Since no personal data persists, there is no option to delete on our part.

I.XII Integration of third party services

1.12.1 Type and extent

Our websites use third party services. They are integrated dynamically into web pages. These services can set cookies from the respective providers on your computer, and also execute JavaScript code.

1.12.1.1 Use of Google Maps

On our websites, we use the "Google Maps" component from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereafter referred to as "Google".

Each time Google Maps is accessed, Google sets a cookie to process user settings and data when viewing the page that has the Google Maps component integrated. This cookie is usually not deleted by closing the browser, but it will expire after a certain amount of time unless it is manually deleted by you.

If you disagree with the processing of your data, you may disable the "Google Maps" service and prevent the transmission of data to Google in this way. To do this, you must disable the JavaScript feature in your browser. However, please note that in this case you will not be able to use "Google Maps" at all, or only to a limited extent.

Use of "Google Maps" and information obtained through "Google Maps" is subject to the Google Terms of Use:

http://www.google.de/intl/de/policies/terms/regional.html

and the additional terms and conditions for "Google Maps":

https://www.google.com/intl/de_de/help/terms_maps.html.

1.12.1.2 Use of reCAPTCHA

To protect data entry forms on our websites, we use the service "reCAPTCHA" from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereafter referred to as "Google". Through the use of this service, it can be determined whether the corresponding input is from a human, or the form is being abused by automated machine processing.

To our knowledge, the following are transferred to "Google": referrer URL, the IP address, the behaviour of the website visitors, information about the operating system, browser and duration, cookies, presentation instructions and scripts, the input behaviour of the user and mouse movements in the "reCAPTCHA" checkbox.

Among other things, Google uses this information to digitize books and other printed materials, as well as to optimize services such as Google Street View and Google Maps (eg house number and street name recognition).

The IP address submitted as part of "reCAPTCHA" will not be merged with any other data provided by Google, unless you are logged in to your Google Account at the time you use the "reCAPTCHA" plug-in. If you want to prevent this transmission and storage of data about you and your behaviour on our website by "Google", you must log out of "Google" before you visit our site or use the reCAPTCHA plug-in.

Use of the information obtained by the "reCAPTCHA" service is in accordance with the Google Terms of Use:

https://www.google.com/intl/de/policies/privacy/.

1.12.1.3 Use of Twitter Recommendation Component

We use components from the Twitter service on our websites. Twitter is a service of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, United States.

Each time you visit our websites which contain such a component, this component causes the browser you are using to download a corresponding representation of the component of Twitter. Through this process, Twitter is informed about which specific page of our website is currently being visited.

We have no control over the information that Twitter collects here, nor about the amount of data collected by Twitter. To the best of our knowledge, Twitter collects the URL of the respective website and the user's IP address, but it is not used for purposes other than the presentation of the Twitter component. Further information can be found in the privacy policy of Twitter at http://twitter.com/privacy.

You can change your privacy settings in the Account Settings at http://twitter.com/account/settings.

1.12.1.4 Use of YouTube components with advanced privacy mode

On our websites, we use components (videos) from the company YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Here we use the option provided by YouTube "- extended privacy mode -".

When you visit a page that has an embedded video, it will connect to the YouTube servers and display the content by notifying your browser on the website.

According to information provided by YouTube, in "- enhanced privacy mode -" data is only transmitted to the YouTube server when watching the video, in particular which of our web pages you have visited. If you are logged in to YouTube at the same time, this information will be associated with your membership account on YouTube. You can prevent this by logging out of your account before visiting our website.

Additional information about YouTube's privacy is provided by Google at the following link:

https://www.google.de/intl/de/policies/privacy/

1.12.1.5 Use of Vimeo components

We use components of the Vimeo service on our website. Vimeo is a service of Vimeo LCC, 555 West 18th Street, NY, New York 10011, USA. Each time you visit a web page which has such a component, this component causes the browser you are using to download a corresponding representation of the component from Vimeo. When you visit our site and you are logged in to Vimeo, Vimeo recognises, through the information gathered by the component, which specific site you are visiting and assigns this information to your personal Vimeo account. If, for instance, you click the "Play" button or leave a comment, this information will be transmitted to your personal Vimeo account and stored there. In addition, the fact that you have visited our site is passed on to Vimeo. This happens regardless of whether you, for instance, click on the component, or leave comments, or not.

If you wish to stop this transmission and storage of data about you and your behaviour on our website through Vimeo, you must log out of Vimeo before you visit our site. The privacy notices of Vimeo provide more detailed information, in particular for the collection and use of data by Vimeo: https://vimeo.com/privacy

1.12.1.6 Use of social media buttons with "Shariff"

We use the c't project "Shariff" on our website. "Shariff" replaces the usual social media sharing buttons, thereby protecting browsing behaviour.

"Shariff" integrates social network share buttons on our website only as graphics, which contain a link to the corresponding social network. By clicking on the corresponding graphic you will be redirected to the services of the respective network. The Shariff button does not establish direct contact between the social network and our visitors, until the visitor actively clicks on the share button. Only then will your data be transmitted to the respective social network. If the Shariff button is not clicked, there will be no exchange between you and the social networks. More information about the c't project "Shariff" can be found at http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

We integrate the following social networks on our website with "Shariff":

  • Facebook

  • Twitter

  • Google+

  • flattr

  • LinkedIn

1.12.1.7 Further services

On some websites we use additional services. These include:

  • Google Calendar

  • Google code

  • Google Custom Search

  • Google Fonts

  • Blogspot

  • Gravatar

  • Nabble

  • jQuerry

  • WordPress

  • Creative Commons

  • polldady

  • bitpay

1.12.2 Legal basis for data processing

The legal basis for the processing of personal data using cookies is in Article 6 (1) lit. f of the GDPR.

1.12.3 Reason for data processing

The reason for the usage is to make the websites easier to use. Some features of our website can not be offered without the use of third-party components.

1.12.4 Duration of storage, and option to object and remove data

Cookies are stored on the users's computer and transmitted by the computer to our website. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your web browser, you can disable or restrict the transmission of cookies. Cookies that have been saved already can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the features of our website in full.

If additional JavaScript code is executed, you can also prevent this. To do this, you must disable the JavaScript feature in your web browser. However, please note that in this case you will not be able to use the associated services, or only to a limited extent.

I.XIII Rights of the affected person

If your personal data is processed, you are an affected person in the sense of the GDPR, and you have the following rights::

1.13.1 Right of access

You may ask the controller to confirm if personal data concerning you is processed by us.

If such processing is taking place, you can request information from the controller about the following:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data which are being processed;

(3) the recipients (or categories of recipients) to whom the personal data has been disclosed, or is still being disclosed;

(4) the planned duration of the storage of your personal data or, if specific information is not available, the criteria for determining the duration of storage;

(5) the existence of a right to correct or delete your personal data, a right to restrict the processing by the controller, or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the source of the data, if the personal data has not been collected from the data subject by the controller;

(8) the existence of automated decision-making, including profiling according to Art. 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved, as well as the implications and intended effects of such processing on the data subject.

You have the right to request information about whether your personal information is transferred to a third country or an international organization. In this context, you can request the appropriate guarantees in accordance with. Art. 46 of the GDPR regarding the transfer.

1.13.2 Right to correction

You have a right to correction and/or completion from the controller, if the personal data being processed is incorrect or incomplete. The controller must make the correction without delay.

1.13.3 Right to restriction of processing

You may request a restriction on the processing of your personal data under the following conditions:

(1) if you contest the accuracy of your personal information, for a period of time that enables the controller to verify the accuracy of your personal information;

(2) the processing is unlawful, and you refuse the deletion of the personal data, and instead request that use of the personal data is restricted;

(3) the controller no longer requires personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

(4) if you have filed an objection against processing, pursuant to Art. 21 (1) of the GDPR, and it is not yet certain whether the factual reasons of the controller outweigh your reasons.

If processing of personal data concerning you is restricted, this data may only be used (apart from storage) with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of public interest importance in the Union or a Member State.

If the limitations of the processing of your personal data were restricted according to the aforementioned criteria, the controller will inform you before lifting those limitations.

1.13.4 Right to deletion

1.13.4.1 Deletion obligations

You may demand that the controller deletes your personal information without delay, and the controller is required to delete that information immediately if one of the following reasons is true:

  1. Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

  2. You revoke your consent to the processing, which was based on Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a of the GDPR, and there is no other legal basis for processing.

  3. You object to the processing in accordance with Article 21 (1) of the GDPR, and there are no factual reasons for the processing, or you object to the processing in accordance with Article 21 (2) of the GDPR.

  4. Your personal data is processed unlawfully.

  5. The deletion of your personal data is required to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

  6. Your personal data was collected in relation to information society services offered pursuant to Art. 8 (1) of the GDPR.

1.13.4.2 Information to third parties

If the controller has made your personal data public, and is obliged to delete it according to Article 17 (1) of the GDPR, he shall take appropriate measures, including technical ones, to inform data controllers who process the personal data, that you, the affected person, have requested that deletion of all links to such personal information or copies of such personal information, taking into account available technology and implementation costs.

1.13.4.3 Exceptions

The right to deletion does not exist if the processing is necessary

  1. to exercise the right to freedom of expression and information;

  2. to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority assigned to the controller;

  3. for reasons of public interest in the field of public health accordin to Art. 9 (2) lit. h and i and Art. 9 (3) of the GDPR;

  4. for archival purposes of public interest, scientific or historical research purposes, or for statistical purposes according to Art. 89 (1) of GDPR, to the extent that the right referred to in subparagraph (a) is likely to render impossible (or seriously affect) the realisation of the objectives of the processing, or

  5. to assert, exercise or defend legal claims.

1.13.5 Right to be informed

If you have claimed the right to correct, delete or restrict processing to the controller, he is obliged to notify all recipients to whom your personal data has been disclosed of this correction, deletion or restriction, unless: this proves to be impossible or involves a disproportionate effort.

You have a right to be informed by the controller about these recipients.

1.13.6 Right to data portability

You have the right to receive personal data that you provided to the controller in a structured, standard and machine-readable format. In addition, you have the right to transfer this data to another person without interference by the controller who was provided the personal data, so long as

  1. the processing is based on consent according to Art. 6 para. 1 lit. a of the GDPR or Art. 9 para. 2 lit. a of the GDPR, or on a contract according to Art. 6 para. 1 lit. b of the GDPR and

  2. the processing is done using automated procedures.

In exercising this right, you also have the right that your personal data is transmitted directly from one controller to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the controller.

1.13.7 Right to object

You have the right at any time, for reasons that arise from your particular situation, to object to the processing of your personal data, in accordance with Art. 6 para. 1 lit. e or f of the GDPR; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless he can demonstrate compelling factual grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, to exercise your right to object utilising automated procedures that use technical specifications.

1.13.8 Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent, until the revocation.

1.13.9 Right to complain to a supervisory authority

If you believe that the processing of your personal data violates the GDPR, you have the right, without prejudice to any other administrative or judicial remedy, to complain to a supervisory authority, in particular in the member Member State of your residence, place of work or place of alleged infringement.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the option of a judicial remedy pursuant to Art. 78 of the GDPR.