Privacy Policy
HELM AG (hereinafter “we” or “Controller”), Nordkanalstrasse 28, 20097 Hamburg, Germany is responsible for this website.
Our Data Protection Officers can be contacted via the following e-mail address: datenschutzbeauftragter@helmag.com.
1. Definitions
The terms “personal data” or “data” refer to all information related to an identified or identifiable natural person. “Identifiable” means a natural person who can be identified directly or indirectly, in particular through an identifier such as a name, an index number, location data, or one or several characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
“Data subject” means an identified or identifiable natural person, such as you yourself.
“Controller” refers to the natural or legal person, public authority, agency or other body that solely or jointly with others determines the purpose and means of the processing of personal data.
“Processing” or “process” refers to all manual or automated procedures carried out, or all such series of procedures related to personal data such as the gathering, collation, organization, assignation, saving, adjustment or modification, selection, calling up, use, provision of access through transfer, dissemination or any other means of making data available, comparison, linking, limitation, or deletion. In the following, processing refers to the relevant activity.
“Processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
Further, the terms used in this Privacy Policy correspond to those used in Art. 4 of the European General Data Protection Regulation (“GDPR”). Please see for additional and deviating requirements according to your local law Sec. 7 of this Privacy Policy.
2. Processing your data
We process the personal data that you make available to us via our website, via e-mail, at trade fairs or exhibitions in the manner described in the following.
2.1 Visits to our website
When you visit our website, your browser automatically sends us information that is then temporarily saved in a logfile. This information includes your IP address, the date and time of your visit, time deviation from GMT, HTTP status code as well as the domain name of the website from which you visited ours (referrer URL). We process these data to ensure the correct display, use, stability and security of our own website.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f GDPR. The legitimate interest consists in the above-mentioned data processing purposes.
Additionally, we use cookies on our website. Further information on these is available below under section 2.4 of this Privacy Policy.
2.2 Contacting us via the Contact Form
Should you have questions about our products or regarding other matters, we provide the option of contacting us via the Contact Form (link on the upper right side). In this context we process your personal data (name, address, telephone number, e-mail address, details regarding your company and position) in order to provide you with an individualised response to your request.
Within this, the processing of your data either is necessary to carry out pre-contractual measures with you (Art. 6 para. 1 p. 1 lit. b GDPR) or is based on our legitimate interest in responding to your enquiry (Art. 6 para. 1 p.1 lit. f GDPR).
2.3 Contact via e-mail
You also have the option of contacting us via e-mail should you have questions regarding our products or other enquiries. We process your data, i.e. your e-mail address, destination address, IP address, e-mail programme, date and time of your e-mail, the content of your e-mail as well as the information you provide to enable us to respond to your enquiry individually.
Within this, the processing of your data either is necessary to carry out pre-contractual measures with you (Art. 6 para. 1 p. 1 lit. b GDPR) or is based on our legitimate interest in responding to your enquiry (Art. 6 para. 1 p. 1 lit. f GDPR).
2.4 Cookies
We use ‘cookies’ on our website. These are text files that are saved on your computer or other end-devices such as your smartphone or tablet. Using cookies helps us to design our website in a way that meets the needs of users and to continually optimise it. Additionally, we analyse how you use our website in order to improve it to better serve your interests.
For instance, session cookies show us when you have visited individual pages of our website. Session cookies are automatically deleted when you leave our website.
In addition we also use temporary cookies that are saved on your computer or end-devices for a limited period of time. These cookies indicate to us what data you entered and what settings you selected on a previous visit to our website, so that you do not have to re-enter or reselect these.
Further, we use tracking cookies to log the use of our website statistically and thus to optimise our website.
Our use of cookies may involve processing of your personal data, e.g. your IP address and information on how you interact with our website. The processing of your data in connection with our use of cookies for the above-mentioned purposes is based on our legitimate interest in order to fulfil the purposes listed above and below (Art. 6 para. 1 p. 1 lit. f GDPR) and/or, where required by law, your consent (Art. 6 para. 1 p.1 lit. a GDPR).
When you first visit our website you will be required to expressly accept the use of cookies through an “Accept” button, which will be enabled in the cookie notification. In any case, please note that you can block or disable cookies by configuring your browser to block the installation of some or all cookies. Almost all browsers allow you to be alerted to the presence of cookies or block them automatically. If you block cookies, you can continue to use our website, although some services may be limited and your experience on our website may be less satisfactory as a result.
We use the following cookies on our website:
| Cookie | Provider | Purpose | Opt-Out/ Refusal | Procedere |
| cookieconsent_dismissed (cookie notification on top of website) | HELM AG | Checks whether or not the user has accepted cookies | Not possible, as this is necessary for the technical provision of the website. | 1 year |
| fe_typo_user (standard TYPO3 session cookie) | HELM AG | Identifies the user’s session via a randomly generated numeric code. | Not possible, as this is necessary for the technical provision of the website. | session cookie (automatically deleted on leaving the website) |
| _ga (Google Analytics) | Google LLC 1600 Amphitheatre Parkway Mountain View CA 94043 USA (“Google”) | Logs information about the user’s activity on the website. | https://tools.google.com/dlpage/gaoptout?hl=en | 2 Years |
| _gid (Google Analytics) | Logs information about the user’s activity on the website. | https://tools.google.com/dlpage/gaoptout?hl=en | session cookie (automatically deleted on leaving the website) | |
| _gat (Google Analytics) | Logs the frequency of the user’s visits to the website, to minimise data traffic. | https://tools.google.com/dlpage/gaoptout?hl=en | session cookie (automatically deleted on leaving the website) | |
| NID (Google Maps) | Displays our locations. | https://tools.google.com/dlpage/gaoptout?hl=en | 6 months | |
| IDE (Google Ads) | Measures user activity on the website to optimise the display of advertisements | https://tools.google.com/dlpage/gaoptout?hl=en | session cookie (automatically deleted on leaving the website) |
In detail:
cookieconsent_dismissed
With the aid of this cookie we can identify whether you have confirmed your acceptance of the cookie notification by clicking “Accept”; if so, the page will not display this notification again. As part of this, your IP address will be saved until you leave the website.
fe_typo_user
This is a standard TYPO3 session cookie that stores information regarding your current website visit (including your anonymized IP address and the time of your visit). To do this, a randomly generated numeric code is created that allows our website to recognise you, as long as you do not close your browser. For example, your language preference will be maintained during your visit to our website.
IDE (doubleclick.net)
This cookie supports the appropriate display of advertising to the user (for instance, preventing single advertisements from appearing repeatedly). This cookie logs user activity following the display of an advertisement in order to measure its effectiveness and to optimise future advertisements correspondingly for the user.
_gat (Google Analytics)
This website uses functions of the web analysis service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google”).
Google Analytics uses so-called cookies (see above). The information generated by the cookie about your use of this website is transferred to a Google server and stored there. We have selected the IP anonymization function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before it is transferred to the USA. Google uses this information to evaluate your use of the website, to create reports on website activity and to provide further services to the website operator in connection with website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data from Google.
The use of Google Analytics cookies is based on your consent, Art. 6 para. 1 lit. a DSVGO.
A transfer of personal data to the USA in exceptional cases is based on the so-called EU standard contractual clauses.
This website uses the "demographic characteristics" feature of Google Analytics. This enables us to generate reports that contain statements about the age, gender and interests of website visitors. This data comes from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be assigned to a specific person. You can turn off this feature at any time by going to your Google Account's ad settings.
You can prevent the use of Google Analytics including the "demographic features" function at any time, either by installing the Google Browser Plugin, which sets an opt-out cookie, or by selecting the appropriate setting in your browser software. Both options will only prevent the use of web analytics if you are using the browser on which you installed the plugin and if you do not delete the opt-out cookie. Please note that in this case you may not be able to use all functions of this website to their full extent. You can find further information at https://tools.google.com/dlpage/gaoptout?hl=de.
For more information on how Google Analytics handles user data, please refer to the Google privacy policy: support.google.com/analytics/answer/6004245.
NID (Google Maps)
We use Google Maps, a Google offer, on our website to display the locations of our offices and subsidiaries (please see also below). When users visit sub-pages in which Google Maps is integrated (‘Locations’ and ‘Contact Form’) a cookie is saved on your end-device to process user settings and user data (language, number of search results displayed, activation of the Google SafeSearch filter).
This cookie is not normally deleted when you close your browser but expires after a certain period, unless you delete it previously. If you do not accept this data processing you can deactivate the Google Maps service and thus prevent data processing by deactivating the JavaScript function in your browser. Further information on the cookies used by Google is available here as well as in Google’s Data Privacy Statement.
2.5 Information and advertising
You may send us your personal data both digitally via our website and locally at trade fairs and similar events by means of our Contact form, in order to receive information and advertising regarding our current products and services, as well as to receive information about access to HELM AG farm management digital platforms by post, telephone or e-mail. Depending on your respective request we process the following data:
- First name, surname, title
- Physical address
- Your preferred contact details (telephone no., mobile no., e-mail)
- Your preferred crops
- Your preferred business sector.
To send you information and advertising we apply the Double-Opt-In procedure. This means that we only send information and advertising to your e-mail address after you have confirmed your assent by clicking on a link we send you, in reply to an e-mail enquiry from you.
The gathering of the abovementioned personal data serves the purpose of sending the relevant information and advertising to the right target groups. The legal basis for processing your personal data is your consent (Art. 6 para. 1 p.1 lit. a GDPR).
To provide information and advertising we use the service provider Salesforce. To select the right e-mail attachments and select the right recipient target group for specific information and advertising, data is transmitted to Salesforce (Salesforce.com Germany GmbH, Erika-Mann-Straße 31, D-80636 Munich) and processed there. We have a contract with Salesforce that governs the processing of such contractual orders. Salesforce processes your personal data in the USA based on additionally agreed standard contractual clauses in accordance with Art. 46 Abs. 2 lit. c GDPR. Additionally, when processing data outside the European Union, Salesforce commits to complying with binding internal data privacy regulations in accordance with Art. 46 Abs. 2 lit. b GDPR (‘binding corporate rules’), in order to guarantee an appropriate level of data protection.
3. Services of third parties
3.1 Google Web Fonts
On our website we use so-called web fonts, which are provided by Google in order to uniformly display fonts. The provider of the service is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). When you access a website, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to the servers of Google. This allows Google to obtain information that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of an uniform and pleasant presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If your browser does not support Google Web Fonts, a standard font from your computer will be used.
You can find further information about Google Web Fonts at developers.google.com/fonts/faq and in the Google privacy policy: https://www.google.com/policies/privacy/.
3.2 Google Maps
Our website uses the Google Maps map service via an API. The provider of the service is Google LLC, which has already been introduced above.
To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to and stored at a Google server in the USA.
The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy findability of the places we have indicated on the website. This constitutes a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.
More information on the handling of user data can be found in the Google privacy policy: https://www.google.de/intl/de/policies/privacy/.
3.3 YouTube
We have integrated a YouTube video into our German online offer, which is stored at www.YouTube.com and can be played directly from our website. The video is embedded in "enhanced privacy mode", which means that no data about you as a user will be transferred to YouTube if you do not play the video
By visiting the website, YouTube receives the information that you have accessed the relevant subpage of our website. In addition, the data collected during the informative visit to our website is processed. This happens regardless of whether YouTube provides an user account through which you are logged in or whether no such user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your provided data as user profiles and processes them for purposes of advertising, market research and/or demand-oriented design of its own website. Such an evaluation is carried out in particular for the purpose of providing advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
By integrating the YouTube video into our online presence, a connection to the Google Double-Click network is automatically established when you visit our website. Cookies are not set in the browser as a result. If, however, Double-Click-Cookies are already stored in your browser, they will be transferred with the request. According to the information from YouTube, a data transfer only takes place when you play the video.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy of YouTube. There you will also find further information on your rights and setting options to protect your privacy: https://policies.google.com/privacy.
3.4 Vimeo
We use a video-player service of Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA, in order to play webinars. This processing is based on Art. 6 para. 1 lit. f GDPR. Therewith, we pursue our legitimate interest in increasing your user experience at our website and optimizing our online services.
When using the service, your browser communicates directly with Vimeo Inc. For more information, please refer to the privacy policy of Vimeo Inc., which you can access on the following website vimeo.com/privacy. There you will find information about your rights and settings regarding data protection.
3.5 Transfer of personal data to third countries
The aforementioned service providers that we use may transfer some of your personal data to the USA and, thus, outside the European Economic Area.
The transfer of your data to the USA by Google is based on so-called EU standard contractual clauses.
4. Access to your data and transfer to third parties
The employees of HELM AG and its affiliates have access to your data.
Additionally, we commission third parties to carry out data processing on our behalf (as Processors). In such cases their contractual relationships with us are governed by the requirements of the applicable data protection law.
We transmit data required for the provision of freight and transportation services to our freight and transport service providers.
Otherwise your data will not be transferred to third parties (as Controllers); unless we specifically inform you of this in advance and such data transfer to third parties is permitted under an applicable statutory provision (e.g. your explicit consent, the execution of a contract, or on the basis of other statutory provisions), or we are legally obliged to make this data available to fulfil an applicable statutory requirement.
The following third party companies are working for us as Processors:
Provider
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp (Germany)
Distribution of information and advertising
Salesforce.Com Germany GmbH
Erika-Mann-Straße 31
80636 Munich (Germany)
5. Duration of data storage
As a general principle we only store personal data until the originally intended and approved purpose of collection and storage has been fulfilled.
Notwithstanding the above general principle, data is not deleted if this information is necessary to fulfil a statutory obligation that we are required to uphold. For instance we are subject to statutory commercial as well as taxation data-storage provisions that require certain data to be stored for up to ten years under applicable local law.
6. Your rights
You have the following rights:
- the right to be informed about and have access to your personal data we process (Art. 15 GDPR)
- the right to have your personal data that we process rectified and / or completed (Art. 16 GDPR)
- the right to have your personal data we process erased (Art. 17 GDPR) or to restrict its processing (Art. 18 GDPR)
- the right to data portability (Art. 20 GDPR).
You have the right to lodge an official complaint with the responsible supervisory authority.
Under the provisions of Art. 21 para. 1 and Art. 21 para. 2 GDPR you have the right to object the processing of your personal data based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) at any time.
If you have consented to the processing of your personal data, you have the right to withdraw this consent at any time.
To exercise these rights please e-mail our Data Protection Officers using the contact details provided under Sec. 9.
7. Security of your data
To ensure the security of your personal data we have implemented appropriate technical and organisational measures in accordance with Art. 32 GDPR. We take technical and organisational safety measures in order to ensure that the processed personal data is protected against loss, manipulation, destruction and unauthorized access. Our security measures are constantly improved according to the technological development.
8. Local Law Requirements
Some jurisdictions require additional or amended privacy information as set out in the following:
Brazil:
You will find all Articles of the GDPR, as applicable under Brazilian laws, in Portuguese under: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex:32016R0679.
In particular, this Privacy Policy refers to the following Articles of the GD:
Article 4 – Definitions
For the current regulation, the following definitions apply:
1) “Personal Data” refers to information related to an identified or identifiable natural person (”Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, identifiers through electronic means, or one or several characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
2) “Processing” refers to a procedure or a set of procedures carried out in relation to personal data or a personal data set by automated or non-automated means, such as the gathering, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison, alignment, restriction, deletion or destruction.
3) “Processing restriction” refers to marking personal data stored with the aim of restricting processing in the future.
4) “Profile definition” refers to any form of automated processing of personal data, which consists of the use of such personal data in order to assess certain personal aspects of a natural person, in particular to analyse or predict aspects relating to professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.
5) “Pseudonymisation” refers to processing personal data in such a way that this can no longer be allocated to a specific data subject without resorting to supplementary information, provided that such additional information is maintained separately and subject to technical and organisational measures to ensure that personal data cannot be allocated to an identified or identifiable natural person.
6) “File system” refers to any structured personal data set, accessible according to specific criteria, whether centralised, decentralised or dispersed functionally or geographically.
7) “Controller” refers to a natural or legal person, public authority, agency or another body which, individually or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by the law of the European Union or a Member State, the controller or the specific criteria applicable to their appointment may be provided by the Law of the European Union or a Member State.
8) “Processor” refers to a natural or legal person, public authority, agency or another body that processes personal data on behalf of the Controller.
9) “Recipient” refers to a natural or legal person, public authority, agency or another body who receives personal data communication, regardless of whether or not it is related to a third party. However, public authorities that can receive personal data as part of specific enquiries, under the terms of the law of the European Union or a Member States, are not considered recipients; the processing of data by these public authorities must comply with the data protection rules applicable according to the processing objectives.
10) “Third Party” refers to one or several natural or legal persons, a public authority, service or body who is not the data subject, a controller, a subcontractor as well as to persons who, under the direct authority of the controller or processor, are authorised to process the personal data.
11) “Consent” of the data subject refers to a free, specific, informed and explicit expression of will via which the data subject accepts, via a statement or an unequivocal positive act, the processing of their data.
12) “Personal data breach” refers to a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transferred, stored or otherwise processed in connection with any other type of processing.
13) “Genetic data” refers to personal data relating to the genetic or hereditary characteristics of a natural person which provide unique information on the physiology or health of that natural person and which results, in particular, from an analysis of a biological sample from the natural person concerned.
14) “Biometric data” refers to personal data resulting from a specific technical process relating to the physical, physiological or behavioural characteristics of a natural person enabling or confirming the unique identification of that natural person; in particular, facial or dactyloscopic data.
15) “Health data” refers to personal data related to the physical or mental health of a natural person, including the provision of health services, which reveals information on the individual’s state of health.
[…]
18) “Company” refers to a natural or legal entity which, regardless of its legal form, fulfils an economic activity, including businesses or associations that regularly carry out an economic activity.
19) “Corporate group” refers to a group consisting of the controlling and controlled companies.
[…]
26) “International organisation” refers to an organisation and the public international legal bodies governed by it, or another agency created by an agreement entered into between two or more countries, or by an agreement of this nature.
Article 6 – Lawfulness of processing
1. Processing is only permissible if and inasmuch as at least one of the following situations occurs:
a) The data subject has given their consent to the processing of their data for one or more specific purposes.
b) Processing is necessary for the implementation of a contract to which the data subject is a party, or for pre-contractual arrangements at the request of the data subject.
[…]
f) If the processing is necessary for the legitimate interests pursued by the controller or by third parties, except where the interests or fundamental rights and freedoms of the subject requiring the protection of personal data prevail, in particular, if the subject is a child.
[…]
Article 15 – Access rights of the data subject
1. The data subject has the right to obtain from the controller the confirmation that their data are the object of processing and, if applicable, the right of access to their data as well as the following information:
a) Purpose of data processing.
b) Categories of personal data in question.
c) Recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular, recipients established in third-party countries or belonging to international organisations.
d) Where possible, the retention period of personal data, or, if this is not possible, the criteria used to establish such a period.
e) The existence of the right to request the controller rectifies, deletes or limits the processing of personal data in relation to the data subject, or the right to object to such processing.
f) The right to submit a complaint to a supervisory authority.
g) If the data was not collected from the subject, the available information on the origin of the data.
h) The existence of automated decisions, including the definition of profiles, referred to in Article 22, paragraphs 1 and 4, and at least in such cases, useful information concerning the underlying logic and the significance and consequences for the data subject as a result of such processing.
2. Where personal data are transferred to a third-party country or an international organisation, the data subject shall be entitled to be informed of the appropriate safeguards in accordance with Article 46 related to the data transfer.
3. The controller shall provide a copy of the personal data being processed. To provide other copies requested by the data subject, the controller may require payment of a reasonable fee, taking into account administrative costs. If the data subject submits the request by electronic means, and unless otherwise requested by the data subject, the information will be provided in a commonly used electronic format.
4. The right to obtain a copy as referred to in paragraph 3 shall not affect third-party rights and freedoms.
Article 16 – Right of rectification
The subject shall have the right to obtain, without undue delay, from the controller the rectification of inaccurate personal data. Given the purposes of the processing, the data subject has the right to have their incomplete personal data completed, including by means of an additional statement.
Article 17 – Right to data deletion ('right to be forgotten')
1. The subject has the right to obtain from the controller the deletion of their data without undue delay, and the controller must delete the personal data without undue delay when one of the following reasons applies:
a) Personal data are no longer necessary for the purpose for which it was collected or processed.
b) The subject withdraws the consent on which the processing of the data is based under the terms of Article 6, paragraph 1, subparagraph a) or Article 9, paragraph 2, subparagraph a) and if there is no other legal basis for said processing.
c) The subject opposes the processing under Article 21, paragraph 1 and there are no pre-existing legitimate interests justifying the processing, or the subject opposes the processing in accordance with Article 21, paragraph 2.
d) The personal data was processed illicitly.
e) The personal data must be deleted to comply with a legal obligation arising from the law of the European Union or a Member State to which the controller is subject.
f) The personal data have been collected in the context of the provision of services referred to in Article 8, paragraph 1.
2. When the controller has made the personal data publicly available and is obliged to delete the information in accordance with paragraph 1, they shall take reasonable measures, including technical measures, taking into account available technology and the costs of its application, in order to notify those responsible for the effective processing of personal data that the data subject has asked them to delete links to these personal data, as well as copies or reproductions thereof.
3. Paragraphs 1 and 2 shall not apply where the processing is proven to be necessary:
a) To exercise freedom of expression and information.
b) To comply with a legal obligation requiring the processing provided for by the law of the European Union, or of a Member State to which the controller is subject; to exercise functions in the public interest, or to exercise official authority vested in the controller.
c) On the grounds of public interest in the area of public health, in accordance with Article 9, paragraph 2, subparagraphs h) and i) and Article 9, paragraph 3.
d) For archival purposes in the public interest, for the purposes of scientific or historical research or statistical purposes, in accordance with Article 89, paragraph 1, inasmuch as the right referred to in paragraph 1 is likely to render impossible or seriously impede the achievement of such processing objectives.
e) For the declaration, exercise or defence of a right in a judicial proceeding.
Article 18 – Right to restrict processing
1. The data subject has the right to obtain processing restriction from the controller if one of the following applies:
a) To dispute the accuracy of the personal data, during a period that allows the controller to verify their accuracy.
b) The processing is unlawful and the data subject opposes the deletion of personal data and instead requests the restriction of its use;
c) The controller no longer requires personal data for processing but the data subject requires such data for reporting, exercising or defending a right in a legal proceeding.
d) If processing has been opposed in accordance with Article 21, paragraph 1 until it is established that the controller’s legitimate reasons prevail over those of the data subject.
2. Where processing has been limited under the terms of paragraph 1, with the consent of the subject personal data may be processed, except for preservation or for the purposes of declaration, exercise or defence of a right in a judicial defence of the rights of another natural or legal person, or for important reasons of public interest of the European Union or of a Member State.
3. The subject who has obtained processing restriction in accordance with paragraph 1 shall be informed by the controller before the restriction of such processing is cancelled.
Article 20 – Data transferability rights
1. The data subject has the right to receive their data, which they have provided to a data controller in a structured, current and automated reading format, and the right to transfer their data to another controller without the controller to whom the personal data was supplied being able to prevent it, if:
a) The processing is based on consent given under Article 6, paragraph 1, subparagraph a), or Article 9, paragraph 2, subparagraph a) or in a contract referred to in Article 6, paragraph 1, subparagraph b), and
b) The processing is fulfilled by automated means.
2. In exercising the right to data portability in accordance with paragraph 1, the data subject has the right to have the personal data transferred directly between the controllers, where this is technically possible.
3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice of Article 17. This right shall not apply to the processing necessary to exercise functions in the public interest or to exercise official authority vested in the controller;
4. The right referred to in paragraph 1 shall not affect third-party rights and freedoms.
Article 21 – Right of opposition
1. The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their data on the basis of Article 6, paragraph 1, subparagraphs e) or f), or Article 6, paragraph 4, including the definition of profiles on the basis of those provisions. The controller shall cease the processing of personal data unless they submit overriding and legitimate reasons for such processing which prevail over the interests, rights and freedoms of the data subject, or for the declaration, exercise or defence of a right in a judicial process.
2. When personal data are processed for direct marketing, the data subject has the right to oppose at any time the processing of their data for such purpose, which covers the definition of profiles insofar as it is related to direct marketing.
3. If the data subject objects to the processing for direct marketing, the personal data shall no longer be processed for that purpose.
4. At the time of the first communication to the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and distinctly from any other information.
5. In the context of the use of information society services, and without prejudice to Directive 2002/58/EC, the data subject may exercise their right of opposition by automated means using technical specifications.
6. Where personal data are processed for scientific or historical research or statistical purposes, in accordance with Article 89, paragraph 1 the data subject has the right to object, on grounds relating to their particular situation, to the processing of their personal data, unless such processing is necessary for the performance of tasks in the public interest.
9. Contact
Should you have any queries or comments regarding data privacy please contact our Data Protection Officers via e-mail (datenschutzbeauftragter@helmag.com).
The further development of the internet requires us to update our Data Privacy Policy. We will publish all required changes on this website.
Germany / Hamburg, 19.11.2020