Use and navigation of the page is possible without indicating personal data. However, if a data subject wants to use the services of our website, it could be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a person to whom the data refers, must always be in accordance with the general data protection regulation (GDPR) and in accordance with the special for each country data protection regulations applicable to the bio-logos.com website. With this data protection statement, our company would like to inform the general public about the nature, scope and purpose of the personal data we collect, use and process. In addition, the persons to whom the data refer shall be informed, through this data protection declaration, of their rights.
As editor, bio-logos.com has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may basically have security vulnerabilities, so absolute protection is not guaranteed. For this reason, any data subject is free to transfer personal data to us through alternative media, e.g. by phone.
a) Personal data
Personal data is any information about a natural person that has been identified or can be identified (hereinafter “the person to whom the data refers”). A person is considered to have been identified, directly or indirectly, in particular by assignment to an identifier, such as a name, identification number, location data, an electronic ID or one or more special features that reflect physical, physiological, genetic , spiritual, economic, cultural or social identity of this natural person.
b) Subject of the affected data / person
An infected person is any natural person who has been identified or may be identified and whose personal data is being processed by the controller.
Edit refers to any function performed with or without the help of automated processes or any process related to personal data such as recording, collecting, organizing, configuring, storing, adapting or modifying, retrieving information, or use, notification by submission, dissemination or other form of provision, reconciliation or connection, restriction, deletion or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data in order to limit their future processing.
Profile is any type of automated processing of personal data, which is that this personal data is used to evaluate certain personal aspects concerning a natural person, especially in matters related to work, financial situation, health, Personal Analysis or prediction of preferences, interests, reliability, behavior, identification or relocation of this individual.
Falsification is the processing of personal data in such a way that personal data can no longer be assigned to a specific subject without the help of additional information. For this reason, separate technical and organizational measures are taken to ensure that personal data is not assigned to a recognized or recognizable natural person.
h) Responsible or responsible for processing
The person in charge or in charge of processing is the natural or legal person, the public authority, the body or organization that decides alone or in consultation with others for the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, the controller or the specific criteria for its designation may be provided for by EU or national law.
The processor is a natural or legal person, public authority, organization or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, body or other entity in which personal data is disclosed, regardless of whether it is a third party or not. However, the authorities who may receive personal data under EU or national law in relation to a particular mission are not considered beneficiaries.
A third party is a natural or legal person, public authority, body or entity other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data.
Consent is voluntary in this case and is categorically delivered by the data subject in the form of a statement or other recognizable positive act by which the person agreeing to the processing of personal data relating to it is understood.
2. Name and address of the legal representative
The person responsible under the Data Protection Regulation, other data protection laws in the Member States of the European Union and other data protection provisions are:
Vagia Tinos, 84200, Greece
By using cookies, bio-logos.com may offer users of this site more user-friendly services that would not be possible without cookies.
The data subject may block the setting of cookies through our website at any time through a corresponding setting of the Internet browsing program used and thus permanently refute the setting of cookies. In addition, already defined cookies can be deleted at any time via an Internet browser or other software program. This is possible in all common web browsers. If the person to whom the data refers disables the configuration of cookies in the Internet browser used, it is not possible to fully use all the functions of our website.
4. Collection of general data and information
The bio-logos.com website collects a series of general data and information each time someone infected or an automated system visits the site. This general data and information is stored in the server logs. (1) the type and version of the browser used, (2) the operating system used by the access system, (3) the website from which a system prompts our website (so-called referrals), (4) ) the sub-sites, to which you have access through a system access to our website, (5) the date and time of access to the website, (6) Internet protocol address (IP address), (7) internet service provider of the system access and (8) other similar omena and information used in the event of attacks on our IT systems. When you use this general data and information, bio-logos.com does not draw conclusions about the person concerned. This information is necessary (1) for the content of our website to work properly, (2) to optimize the content of our website as well as its advertising (3) to continue the operation of our information systems and the technology of our website , as well as (4) to provide the law enforcement authorities with the necessary information to enforce the law in the event of cyberbullying.
Bio-logos.com analyzes this data and information collected anonymously on the one hand statistically and further with the aim of increasing data protection and data security in our company, in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.
5. Register on our website
The subject has the ability to register on the website of the editor in charge by providing personal data. The personal data sent to the person in charge comes from the corresponding login mask used for registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller for his own purposes. The data controller may cause the transfer to one or more processors, such as a parcel delivery service, which also uses personal data only for internal use attributed to the controller.
By registering on the webmaster’s website, the IP address provided by the data provider’s Internet Service Provider (ISP), date and time of registration is also stored. The storage of this data is done in the light of the fact that only the misuse of our services can be prevented. These data, if necessary, make it possible to clarify the crimes committed. In this regard, the storage of this data is necessary to ensure the controller. Disclosure of this data to third parties does not take place unless there is a legal obligation to transmit or disclose it to law enforcement agencies.
The registration of the person affected by the voluntary provision of personal data used by the controller to provide the content or services that may be provided due to the nature of the case only to registered users subject to the data. Registered persons are free to modify the personal data provided at the time of registration or to delete them completely from the database of the data controller. The controller, at any time upon request, provides information to each data subject on what personal data about the data subject is stored. In addition, the controller may correct or delete personal data at the request or referral of the data subject, as long as this does not conflict with any institutionalized storage requirements. All data subjects of the controller are available to the data subject as a contact person in this context.
6. Subscription to our newsletter
On the bio-logos.com website, users are given the opportunity to subscribe to our company’s newsletter. What personal data is transmitted to the data controller when ordering the newsletter is derived from the input mask used for this purpose. Bio-logos.com informs its customers and business associates on a regular basis through an information leaflet about the company’s offers. Our company’s newsletter can only be received by the interested party if (1) the data subject has a valid email address and (2) the interested party has registered for the newsletter. For legal reasons, a confirmation email will be sent to the email address entered by an interested party for the first time to send newsletters using the double entry process. This confirmation email is used to verify that the recipient of the email address as interested has received the receipt of the newsletter.
When registering in the newsletter, we also store the IP address of the computer system used by the person concerned at the time of registration, as well as the date and time of registration, as defined by the Internet Service Provider (ISP).
The collection of this data is necessary in order to understand the (possible) misuse of a person’s e-mail address at a later date and therefore serves as legal guarantees for the representative.
The personal data collected in the context of registration in the newsletter will be used exclusively for the sending of our newsletter. The subscribers of the newsletter may also be notified by e-mail, if this is necessary for the operation of the newsletter service or the registration, as would happen in case of changes in the newsletter or in technical changes. There will be no transfer of personal data collected as part of the information leaflet service to third parties. Registration in our newsletter can be terminated by the interested party at any time. The consent for the storage of the personal data provided to us by the person to whom the data on the sending of the newsletter refers may be revoked at any time. For the purpose of revoking consent, there is a corresponding link in each newsletter. It is also possible to remove the registration from the newsletter at any time, directly on the controller’s website or to notify the editor in a different way.
7. Monitoring newsletters
Bio-logos.com newsletters contain so-called measurement icons. A metering icon is a tiny graphic embedded in such emails that are sent in HTML format to allow recording files and record file analysis.
This allows statistical evaluation of the success or failure of online marketing campaigns. Based on the built-in icon, bio-logos.com can detect if and when an e-mail was opened by an affected person and the e-mail links were called by the person concerned. This personal data collected through the measurement icons contained in the newsletters will be stored and evaluated by the auditor in order to optimize the delivery of newsletters and better adapt the content of future newsletters to the interests of the subjects. This personal data is not disclosed to third parties. Affected persons have at any time the right to withdraw the separate consensus declaration made through the double entry procedure. After the recall, this personal data will be deleted by the auditor. A cancellation of the receipt of the newsletter on bio-logos.com is automatically interpreted as a revocation.
8. Communications through the website
The website of bio-logos.com contains information required by law for fast electronic communication with our company as well as direct communication with us, which also includes a general address of the so-called e-mail (e-mail address). If a person comes in contact with the data controller via email or via a contact form, the personal data provided by the underlying data is automatically saved. This personal data, which is voluntarily transmitted by a person to the controller, is stored for the purpose of processing or communicating with the data subject. There is no disclosure of this personal data to third parties.
9. Ordinary deletion and exclusion of personal data
The controller processes and stores the personal data of the data subject only for the period of time necessary to achieve the purpose of storage or, possibly, European directives or regulations or any other legislative or legislative body provided for. If the storage purpose is omitted or the storage period specified by European directives and regulations or by any other relevant legislator expires, personal data will be blocked or deleted in accordance with the legal provisions.
10. Rights of the interested party
a) Right of confirmation
Each data subject has the right, as granted by the European regulatory authorities and regulators, to ask the controller to confirm whether the personal data concerning him is being processed. If an interested person wishes to exercise this right of confirmation, he or she may contact an employee of the controller at any time.
b) Right to information
Any person engaged in the processing of personal data has the right, at any time, to be provided free of charge by the European Authority and the Regulatory Authority to receive free information from the data controller about the personal data stored for him and a copy thereof. of the information. In addition, the European legislature and regulator provided the following information to the data subject:
• processing purposes
• the categories of personal data that are processed
• Recipients or categories of recipients to whom personal data has been disclosed or will be disclosed, in particular to recipients in third countries or international organizations
• if possible, the intended duration for which personal data will be stored or, if this is not possible, the criteria for determining this duration
• the existence of the right to correct or delete personal data concerning him or the restriction of the processing by the person in charge or the right to oppose this processing.
• the existence of a right of appeal to a supervisory authority
• if personal data is not collected by the data subject: All available information about the source of the data
• the existence of an automated decision-making process, including features in accordance with Article 22, paragraph 1, and 4 GDPR and – at least in these cases – important information on the logic and scope of application and the desired result of this processing for the person concerned.
In addition, the data subject has the right to access whether personal data has been transmitted to a third country or to an international organization. In this case, the data subject has the right to receive information about the appropriate guarantees in relation to the transfer.
If an interested party wishes to exercise this right of information, it may at any time contact an employee of the controller.
c) Right of correction
Any person affected by the processing of personal data has the right granted by the European legislature to request the immediate correction of inaccurate personal data concerning him. In addition, the data subject has the right to request the completion of incomplete personal data, among other things through an additional statement, taking into account the purposes of the processing. If an interested party wishes to exercise this right of correction, he may at any time contact an employee of the controller.
d) Copyright (right to be forgotten)
Anyone affected by the processing of personal data has the right to be instructed by European directives and regulators to require the controller to immediately delete the personal data concerning him, provided that you meet one of the following reasons and no processing required:
• Personal data has been collected for these purposes or has been otherwise processed for which it is no longer necessary.
• The Member States concerned withdraw their consent to the processing in accordance with Art. 6 par. 1 item a DS-GTO or Art. 9 par. 2 element a GDPR is supported, and there is a lack of a different legal basis for facial processing.
• The person to whom the data refers shall object to the processing in accordance with Article 21 (1) of the GDPR and there are no valid grounds for processing or the objects of the data in accordance with Article 21 (2) of the GDPR.
• Personal data was processed illegally.
• The deletion of personal data is necessary to fulfill a legal obligation under EU or national law to which the controller is subject.
• Personal data were collected in relation to the information society services offered in accordance with Article 8 (1) of the GDPR.
If any of the above reasons are correct and an interested party wishes to take care of the deletion of personal data stored on bio-logos.com, they may at any time contact an employee of the controller. The employee of bio-logos.com will arrange the immediate fulfillment of the extinguishing request.
If the personal data is published by bio-logos.com and if our company is responsible for the removal of personal data as responsible under Article 17 (1) of the GDPR, bio-logos.com will take appropriate action, taking into account the available technology and technical implementation costs, inform other data controllers that process the published personal data that the data subject has deleted from all other data processing managers any connections with t annual personal data or copies or reproductions of such personal data with respect to the processing not required. The employee of bio-logos.com will arrange the necessary in individual cases.
e) Right to restrict processing
Any person affected by the processing of personal data has the right, under the European Directive and the Regulatory Authority, to require the controller to restrict processing if one of the following conditions applies:
• The accuracy of personal data is disputed by the data subject for a period of time that allows the auditor to verify the accuracy of personal data.
• Processing is illegal, the data subject refuses to delete personal data and, on the contrary, requests the restriction of the use of personal data.
• The controller no longer needs personal data for processing purposes, but the data subject obliges them to claim, exercise or defend legal claims.
• The person concerned has an objection to the processing in accordance with Article 21 para. 1 of the GDPR and it is not yet clear whether the legal reasons of the person in charge are greater than those of the person concerned.
If you meet one of the above requirements and the data subject wishes to request the restriction of personal data stored on bio-logos.com, he may at any time contact an employee of the controller. The employee of bio-logos.com will limit the processing.
f) Right to data portability
Any person affected by the processing of personal data has the right to be granted by European directives and regulations in order to obtain the personal data concerning him by a data controller in a structured, common and mechanically readable form. It also has the right to transmit this data to another responsible person without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent in accordance with Article 6 (1) (a) of the GDPR or Article 9 (1) (b) (2) (a) of the GDPR or in a contract under Article 6 (1) (b) of the GDPR and processing by automated procedures, unless the processing is necessary for the performance of a public duty. bearer or in the exercise of public power, which has been assigned to the person in charge. In addition, in exercising their right to data portability under Article 20 (1) of the GDPR, the data subject has the right to request the direct transfer of personal data from one controller to another, to the extent that this is technically possible. Possible this does not affect the rights and freedoms of others. To claim the right to data portability, the data subject may at any time contact a bio-logos.com employee.
g) Right of appeal
Each person concerned with the processing of personal data has the right provided by the European Directive and the regulatory authority at all times, for reasons arising from his particular situation, against the processing of personal data concerning it, in accordance with Article 6. paragraph 1 (e) or f GDPR is objected to. This also applies to features that are based on these provisions.
Bio-logos.com no longer processes personal data in the event of an objection, unless we can find urgent legal grounds for processing that go beyond the interests, rights and freedoms of the data subject or the processing is for claiming, exercising or defending legal claims.
If bio-logos.com processes personal data for direct mail execution, the data subject has the right to object at any time to the processing of personal data for the purposes of this advertisement. This also applies to the definition of the profile, insofar as it is linked to this advertising post. If the data subject opposes the processing of bio-logos.com for direct marketing purposes, bio-logos.com will no longer process personal data for these purposes.
In addition, the data subject has the right, for reasons arising from his particular situation, against the processing of personal data concerning him, which appear in the context of bio-logos.com for scientific or historical purposes or for statistical purposes. Article 89 (1) of the GDPR is required to object, unless such processing is necessary for the performance of a public interest duty.
To exercise the right to appeal, the data subject may contact any employee of bio-logos.com or any other employee directly. The person to whom the data refers is also free, in the context of the use of the information society’s services, regardless of Directive 2002/58 / EC, to exercise his right to object through automated procedures using technical specifications.
h) Automated decisions in individual cases, including formatting
Anyone interested in the processing of personal data has the right, as granted by the European legislature and the legislature, not to be subject to a decision based solely on automated processing, including formatting, which has a legal effect or similar. way, it affects him significantly. unless decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller or (2) is permitted by the legislation of the Union or the Member State to which the controller is subject and this legislation provides for appropriate measures to ensure the rights and freedoms as well as the legitimate interests of the data subject; or (3) with the explicit consent of the data subject.
If decision (1) is required for the conclusion or performance of a contract between the data subject and the controller or (2) is made with the express consent of the data subject, bio-logos.com shall take appropriate measures to protect rights and freedoms and authorized persons The interests of the person to whom the data refers, including at least the right of the person to intervene by the controller, to express his own position and challenge decision.
If the data subject wishes to claim automated decision-making rights, he may contact an auditor at any time.
i) Right to revoke consent to data protection
Any person affected by the processing of personal data has the right, at the discretion of the European Directive and the Regulatory Authority, to withdraw at any time his consent to the processing of personal data. If the data subject wishes to claim his or her right to withdraw his or her consent, he or she may at any time contact an employee of the controller.
11. Data protection regulations for the use and use of Google Analytics (with anonymization function)
The controller has integrated Google Analytics (with anonymization function) into this site. Google Analytics is a web analytics service. Tissue analysis is the collection, processing and analysis of data on visitors’ behavior on websites. Among other things, a web analytics service collects data about the site to which an interested party has come to a site (so-called referrals), which is accessed by the subpages of the site or how often and for what duration of observation a subpage is displayed. A web analytics is mainly used to optimize a website and the cost-benefit analysis of online advertising.
The company that operates with the Google Analytics element is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. The controller uses the add “_gat._anonymizeIp” for web analytics via Google Analytics. Through this add-on, the IP address of the Internet access of the data subject will be shortened and anonymous by Google if access to our website comes from a Member State of the European Union or from another State party to the Agreement on the European Economic Agreement. Space.
The purpose of Google Analytics is to analyze the flow of visitors to our site. Google, among other things, uses the data and information obtained to evaluate the use of our website, to compile electronic reports showing activities on our websites, and to provide other services related to the use of our website.
Google Analytics uses a cookie in the computer system of the person concerned. The cookies already explained above. Using this cookie, Google has the ability to analyze the use of our website. Each time one of the pages of this site is accessed by the controller and an element of Google Analytics is integrated, the web browser in the information technology system of the person concerned is automatically activated by the corresponding element of Google Analytics “Submit data to Google for electronic analysis purposes “. As part of this technical process, Google will know personal data, such as the IP address of the person concerned, which serves, among other things, Google to monitor the origin of visitors and clicks and then make possible compromises. . The cookie stores personally identifiable information, such as access time, the location from which access was made, and the frequency of site visits by the data subject. Each time you visit our website, your personal information, including the IP address of the Internet connection used by the person to whom the data refers, is transferred to Google in the United States. This personal information is stored by Google in the United States. Google may transfer this personal data collected through the technical process to third parties.
The affected person can block the setting of cookies through our website, as shown above, at any time through a corresponding setting of the Internet browser used and thus permanently refute the setting of cookies. Such a configuration of the Internet browser used would also prevent Google from setting a cookie in the information technology system of the person concerned. In addition, a cookie already defined by Google Analytics can be deleted at any time via the Internet browser or other software programs.
More information and privacy policies from Google can be found at https://www.google.com/intl/el/policies/privacy/ and http://www.google.com/analytics/terms/el.html. Google Analytics is explained in more detail at https://www.google.com/intl/el_de/analytics/.
The controller has built-in Instagram service elements on this site. Instagram is a service that is characterized as an audiovisual platform, allowing users to share photos and videos and share this data on other social networks. The company that deals with Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Every visit to one of the pages of this website operated by the controller and in which an Instagram element is automatically integrated (Insta-Button) automatically causes the internet browsing program in the computer system of the interested person through the corresponding Instagram element causes the download a representation of the corresponding Instagram item. As part of this technical process, Instagram knows what specific bottom of our website the interested party is visiting.
If the data subject is connected to Instagram at the same time, Instagram recognizes with each visit to our site from the data subject and throughout the corresponding stay on our website, in which specific subpage the interested party visits. This information is collected through the Instagram account and assigned via Instagram to the Instagram account of the person concerned. If the interested party activates one of the Instagram buttons that are embedded in our website, the data and information transferred with it are assigned to the personal Instagram account of the person concerned and are stored and processed by Instagram.
The controller has built-in elements of the Facebook company on this site. Facebook is a social network. A social network is a social meeting place based on the Internet, an online community that usually allows users to communicate with each other and interact in the virtual space. A social network can serve as a platform for exchanging views and experiences or allows the Internet community to provide personal or professional information. Facebook allows social network users to create private profiles, upload photos and communicate via friend requests. Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Persons responsible for the processing of personal data, if the victim lives outside the United States or Canada, are Facebook Ireland Ltd., 4 Grand Canal Square, the port of the Grand Canal, Dublin 2, Ireland.
Every visit to one of the individual pages of this website, which is operated by the editor and in which a Facebook (plug-in on Facebook) element has been integrated, the internet browsing program in the computer system of the person concerned automatically by the corresponding Facebook The item causes the corresponding Facebook item to be represented on Facebook for download. An overview of all Facebook add-ons can be found at https://developers.facebook.com/docs/plugins/?locale=el_US. As part of this technical process, Facebook receives information about the specific lower part of our website that the interested party is visiting.
If the person who is simultaneously connected to Facebook, Facebook recognizes with each visit to our site from the data subject and throughout the corresponding stay on our site, which specific bottom of our site the data subject visits. This information is collected through the Facebook account and assigned by Facebook to the respective Facebook account of the data subject. If the person activates one of the Facebook buttons that are embedded in our website, for example the “I like” button or if the interested person makes a comment, Facebook assigns this information to the personal Facebook account of the person concerned and saves this personal data.
Facebook always receives information through the Facebook element in which the person to whom the data refers visited our website, if the person to whom the connection is made is connected to Facebook at the same time as accessing our website. This happens regardless of whether the person clicks on the Facebook item or not. If such a transfer of this information to Facebook is not desired by the data subject, it may prevent the transfer by disconnecting their Facebook account before they call our website.
The data policy published by Facebook, which is available at https://el-gr.facebook.com/privacy/explanation, provides information about the collection, processing and use of personal data by Facebook. It also explains what options Facebook offers to protect the privacy of the data subject. In addition, various applications are available, which make it possible to suppress data transmission on Facebook. Such applications may be used by the data subject to suppress Facebook data transmission.
14.Political Privacy Application and Use of YouTube
The controller has embedded YouTube data on this site. YouTube is a video portal that allows video publishers to watch free video clips and other users for free viewing, evaluation and commenting. YouTube allows all types of videos to be published so that all full movie and TV shows, as well as music videos, trailers or videos made by users through the web portal, are available. YouTube is owned by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC, is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
Each visit to one of the pages of this site run by the editor and incorporating a YouTube item (YouTube video) will automatically cause the Internet browser to be displayed in the information technology system of the subject to be represented by the corresponding YouTube item to download a picture of the corresponding YouTube item from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/en/. As part of this technical process, YouTube and Google are aware of the specific bottom of our website that the interested party visited.
If the person connected to YouTube at the same time, YouTube recognizes by calling a secondary page containing a video on YouTube, in which at the bottom of our site the person visiting the person. This information is collected by YouTube and Google and is linked to the individual YouTube account.
The controller has built-in PayPal data on this site. PayPal is an online payment service provider. Payments are made through so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal has the ability to process virtual credit card payments if the user does not have a PayPal account. A PayPal account manages through an email address, so there is no classic account number. PayPal allows third parties to make electronic payments or receive payments. PayPal also handles administrator functions and offers customer protection services. PayPal’s European management company is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Royal Boulevard, 2449 Luxembourg, Luxembourg.
If the data subject selects “PayPal” as the payment option during the ordering process in our online store, the data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject agrees to the transfer of the personal data required to process the payments. The personal data sent to PayPal is usually the name, surname, address, email address, IP address, telephone number, mobile phone number or other data required to process payments. These personal data, which are related to the corresponding command, are also necessary for the execution of the purchase contract.
The purpose of data transmission is to process payments and prevent fraud. The controller will provide PayPal with personal information, especially if there is a legitimate interest in the transfer. Personal data exchanged between PayPal and the controller can be transferred via PayPal to credit reporting agencies. This transmission is aimed at controlling identity and creditworthiness. PayPal may disclose personal information to subsidiaries and service providers or subcontractors, to the extent necessary to fulfill their contractual obligations or to process the data on its behalf.
17. Legal basis of processing
Article 6 I lit. A GDPR serves our company as the legal basis for the processing work where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the execution of a contract whose data subject is a contracting party, such as e.g. for processing work necessary for the supply of goods or the provision of any other service or exchange, the processing is based on Article 6 I lit. b GDPR. The same applies to the processing work required to carry out the precautionary measures, for example in cases of investigation of our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Article 6 I, c GDPR.
In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would happen, for example, if a visitor to our facility was injured and the name, age, health insurance or other important information should be passed on to a doctor, hospital or other third party. The treatment will then be based on Article 6 I lit. d GDPR are based. Finally, the processing work could be based on Article 6 I lit. f GDPR are based. This legal basis requires processing that is not covered by any of the aforementioned legal grounds, if the processing is necessary to protect the legitimate interests of our company or a third party, unless its interests, fundamental rights and fundamental freedoms prevail. of a specific person.
Such processing procedures are particularly permissible for us because they have been explicitly stated by the European legislature. In this regard, he considered that it could be considered a legitimate interest if the person to whom the data refers is a client of the controller (reasoning 47, second proposition, GDPR).
18. Eligible processing interests pursued by the controller or by a third party
It is the processing of personal data based on Article 6 I, f GDPR that is in our legitimate interest to carry out our activities for the benefit of all our employees and shareholders.
19. Duration for which personal data is stored
The criterion for the duration of personal data storage is the corresponding period of mandatory detention. After the expiration of the term, the respective data are normally deleted, if the execution of the contract or the undertaking of a contract is no longer required.
20. Legal or contractual provisions for the provision of personal data.
Necessity for concluding the contract. Obligation of the data subject to provide personal data. possible consequences of non-provision
We clarify that the provision of personal information is required in part by law (such as tax regulations) or may result from contractual arrangements (such as details about the contractor). Sometimes it may be necessary to conclude a contract that a victim provides us with personal data which must then be processed by us. For example, the data subject is obliged to provide us with personal information when our company enters into a contract with it. Failure to provide personal data would mean that the contract with the person concerned could not be terminated. Before providing personal data to the person concerned, the person concerned must contact one of our employees. Our employee will notify the individual on a case-by-case basis if the provision of personal data is required by law or contract or is required for the conclusion of the contract, if there is an obligation to provide personal data and the consequences of non-provision of personal data.
21. Existence of automatic decision making
As a responsible company, we avoid making automatic decisions or creating profiles.