Preamble

We would like to explain to you in the following which data we collect, process and use, when we collect it and for what purpose. This is to explain to you how the services we offer work and how the protection of your personal data is guaranteed at the same time.

We only collect, process and use personal data if you have consented to it, a law permits it or we have a legitimate interest in processing such data.

Data Controller

Responsible in terms of data protection law is:

Fastbolt Schraubengroßhandels GmbH
Managing director: Ekkehard Beermann
Am Königsweg 4
D-48599 Gronau

If you have general questions or suggestions for us on the topic of data protection, you can contact us at any time by telephone under +49-(0)2565-9325-0 or by email at datenschutz@fastbolt.com.

I. The collection, processing and use of personal data when visiting our website

You can visit our website without providing any information about yourself. We collect, store, modify or transfer personal data or use it as a means of achieving our own business objectives if this is necessary for establishing, implementing or completing a legal transaction or quasi-legal contractual relationship. This includes:

  • Full name
  • Email address
  • Phone number
  • Your question/enquiry
  • Documents you submit that contain personal data.

We collect, process and use this data in order to contact you and to be able to consider your request to take on a mandate.

In addition, we collect, process and use the following data for the purpose of creating visitor statistics on the use of our website and improving our website. The following data is collected as a part of this:

  • Date and visit to the URL where the visitor is located
  • URL that the visitor visited immediately before
  • Browser used
  • Operating system used
  • Visitor’s IP address

The legal basis for the temporary storage of the data is formed by Art. 6 (1) (f) GDPR.

The data is deleted as soon as it is no longer required for the purpose it was collected.
In the event that data is collected in order to stage the website, it takes place when the respective session has ended.
The logs stored on the server side are automatically deleted after 30 days.

This site uses SSL or TLS encryption for security reasons and to protect the transmission of sensitive content, such as the orders or enquiries you send us as site operator. You can recognise an encrypted connection when you change the address line in your browser from “http://” to “https://” and by the lock icon in the address bar.

If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

Using our contact form

We provide you with an option for contacting us over a form provided on our website if you have questions of any kind.

To do so you need to provide us with a your name and a valid email address so that we know who the enquiry came from and so that we can respond to it. Further details can be provided voluntarily.

Processing of the data entered in the contact form takes place on the basis of a legitimate interest (Art. 6 (1) (f) GDPR). Our legitimate interest in processing your data is to facilitate your contact with us. If you contact us to obtain a quotation, the data you enter in the contact form is processed in order to perform pre-contractual measures (Art. 6 (1) (b) GDPR).

The personal data collected is automatically deleted once the enquiry has been dealt with and there is no legal basis for further storage.

Use of functionally necessary cookies

We use cookies on our website. These are data blocks that are exchanged between our website’s server and the visitor’s browser. These are stored by the respective personal devices used (PC, notebook, tablet, smartphone, etc.) when visiting our website. Cookies cannot cause any harm to the personal devices used in this respect. In particular, they do not contain any viruses or other malware. The cookies stores information that results from the connection made with the specific device used. Under no circumstances can our company obtain direct knowledge of the identity of a visitor to our website.

Cookies are accepted in the main depending on the basic settings made in the browser. The browser settings can be set so that cookies are either not accepted on the personal devices used or that a separate message is displayed before a new cookie is set.

However, we would like to point out that disabling cookies may result in not being able to use all the functions of this website in the most beneficial way.

The use of cookies serves to make the use of the company’s web services more user-friendly. For example, session cookies can be used to track whether the visitor has already visited individual pages on our website. These session cookies are automatically deleted after you leave our website.

Temporary cookies are used to improve user-friendliness. These are stored on the visitor’s personal device for a temporary period of time. When you visit this website again, the cookie automatically recognises that you have already called up the page at an earlier date and which entries and settings you made at that time so that you do not have to repeat them.

Cookies are also used to analyse visits to our website for statistical purposes and to improve our services. These cookies make it possible to automatically recognise that you have already accessed the website or certain content on it when you visit again. The cookies are automatically deleted after a specified period of time.

The data is deleted as soon as it is no longer required for the purpose it was collected. In the event that data is collected in order to stage the website, it takes place when the respective session has ended.

The Consent Manager Borlabs banner appears when you visit our website for the first time. Here you can agree to or reject the cookies used.

Yumpu flip catalogue

Our flip catalogue is offered by Yumpu, Gewerbestrasse 3, 9444 Diepoldsau, Switzerland. Use takes place on request, the interested party’s IP address is transferred. An adequacy decision pursuant to Art. 45 (1) & (3) GDPR exists for Switzerland as a third country. Usually the data is transferred to the servers located in Ireland. In the event that the data is also processed outside the European Economic Area (EEA), Yumpu ensures that appropriate measures are taken to ensure that your personal information and rights are protected. By choosing to consent to us using the service in our Consent Manager, you also consent to this data being transferred to a third country pursuant to Art. 49 (1) (a) GDPR and you warrant that you are aware that an adequate level of data protection may not be guaranteed in such third countries. The data is deleted after 6 days.

Online Shop

The shop is accessible over our website and is only activated for registered regular customers.

In order to use our online shop on a permanent basis, you need to register and create a customer account, which requires the provision of personal data. A personal customer account is set up when you register for the first time.

To do so you need to provide the following personal data:

  • Title, name (first and last name)
  • Address
  • Postal address
  • Phone number

We process the data collected during registration in order to provide you with access and allow you to use our online shop.

Your data is processed on the basis of Art. 6 (1) (b) GDPR for the purpose of fulfilling the contract or implementing pre-contractual measures.

You can delete your customer account at any time by sending an informal email to vertrieb@fastbolt.com. Once your customer account has been deleted, your data will be restricted for further processing and deleted once the retention obligations that apply to us under commercial and tax law have expired.

The legal basis for this continued data processing is then our legal obligation under the statutory retention obligations pursuant to Art. 6 (1) (c) GDPR.

Data Storage

Login data and IP addresses are generally deleted no later than after 180 days.

Data Security

We secure our website and other systems with technical and organisational measures against the loss, destruction, access, modification or dissemination of your data by unauthorised persons. However, despite regular monitoring taking place, complete protection against all threats is impossible. Furthermore, our website may contain links to other websites to which our privacy policy does not extend.

Newsletter

Newsletters are sent using the newsletter tool Sendinblue provided by the company of the same name based in Paris, France. Only registered customers can subscribe to the newsletter in our online shop. If you like to receive our newsletter, we need a valid email address from you and information that confirms that you are the owner of the email address you have provided or that the owner agrees to receiving the newsletter. If, pursuant to Art. 6 (1) (1) (a) GDPR, you have expressly consented, we will use your email address to send you our newsletter on a regular basis. The valid email address will only be used for sending the newsletter and will not be disclosed to third parties.

We use the data recorded in the newsletter subscription form exclusively for sending out our newsletter, where we provide information about our complete range of services. Following your subscription, we send you a confirmation email with a link that you need to click on in order to complete your subscription to our newsletter (double opt-in).

When you subscribe to our newsletter, we save your customer account and the subscription date. This storage serves solely as evidence in the event that a third party misuses an email address and subscribes to the newsletter without the knowledge of the authorised person.

You can revoke your consent to receive newsletters at any time by clicking on the link at the end of each email or by sending an email to vertrieb@fastbolt.com. As a result, your contact details will be deleted immediately.

If you contact us by email or over a form (e.g. call-back request), we only use the personal data you provide for processing your specific enquiry. The data provided is treated strictly confidentially.

II. Provisions for business partners

Purposes for which the personal data is processed and the legal basis for processing

We process personal data insofar as it is necessary for establishing, implementing and fulfilling a contract and for implementing pre-contractual measures (Art. 6 (1) (b) GDPR, e.g. in connection with initiating, fulfilling and managing orders), to comply with a legal obligation (Art. 6 (1) (c) GDPR, e.g. compliance with commercial and tax retention obligations pursuant to Sec. 257 German Commercial Code (HGB) and Sec. 147 German Tax Code (AO)), to protect the legitimate interests of the data controller or a third party (Art. 6 (1) (f) GDPR, e.g. storing data for a reasonable period of time for acquisition drives or for asserting legal claims and defending legal disputes) as well as based on the consent of data subjects (Art. 6 (1) (a) GDPR, e.g. disclosing data to affiliated companies or third parties, evaluating data for marketing purposes or for advertising by email).

Categories and sources of processed personal data

We process personal data that we receive from you or from public sources, such as trade registers, the Internet and directories, or from third parties, such as credit agencies or business partners in the course of contacting you and in the course of our business relationship, e.g. for processing an enquiry or an order.

 

Relevant personal data includes, in particular, personal data (such as surname, first name, address) and other contact data (such as telephone number, email address). In addition, this can also be data that relates to your person (e.g. profession, position, duties and responsibilities) as well as other data comparable to the categories mentioned.

Recipients or categories of recipients of personal data

Only those departments within the company receive access to the data that need it to fulfil contractual and legal obligations or to pursue our legitimate interests (e.g. Sales). We may transfer your personal data to our affiliates to the extent permitted by the purposes and legal bases set out in Sec. 3 of this privacy notice. Data processors we use pursuant to Art. 28 GDPR may also process data for these purposes, e.g. IT service providers and cloud providers. All service providers are mandated by contract to treat your data confidentially.

 

Data is only disclosed to recipients outside the company in compliance with the applicable data protection regulations. Recipients of personal data may include, for example, companies in the logistics sector, service providers, suppliers, subcontractors, tax advisers, auditors and tax inspectors, credit and financial service providers, credit rating agencies, debt collection companies, lawyers and public authorities. In such cases, information is disclosed to these companies or individuals so that they can process it further.

Transfer to a third country (outside EU/EEA) or to an international organisation

The transfer of personal data to a third country within the scope of order processing is generally based on an EU adequacy decision and signing standard data protection clauses, taking into account contractual, technical and organisational measures to comply with the data protection level in the EU. If the data is transferred to a third country that does not meet the aforementioned criteria, this takes place in exceptional cases based on a legal obligation or consent by the data subject.

Duration for which personal data is stored and the criteria for determining this

The requisite personal data is stored for the duration that warranty and guarantee claims exist. In addition, personal data is retained in accordance with the periods prescribed by law. Corresponding obligations to provide proof and to keep records arise from the German Commercial Code (HGB) and the German Tax Code (AO). The deadlines for storage and documentation specified by these laws then amount to up to ten years. We delete THIS data on a regular basis if it is no longer required to fulfil these contractual duties or statutory obligations.

 

In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR. If we use these procedures in individual cases, we will inform you about this separately or obtain your consent if so required by law.

Is there an obligation to provide personal data?

Within the framework of the contractual relationship or the initiation of a contract, you are obliged to provide us with the personal data required for entering into, performing and completing and fulfilling the related contractual obligations, or the data we are required to collect by law. There is no obligation to provide us with this data. Generally, we will not be able to carry out the necessary pre-contractual measures or enter into the contractual relationship with you without this data.

Separate information concerning your right to object pursuant to Art. 21 GDPR

Pursuant to Art. 21 (1) GDPR, for reasons arising from your particular situation, you have the right at any time to object to personal data relating to your person being processed, which takes place based on Art. 6 (1) (f) GDPR (data processing based on a balancing of interests).

 

If you object, we will no longer process your personal data unless we can establish compelling legitimate grounds for its processing that outweigh your interests, rights and freedoms, or its processing for purposes of asserting, exercising or defending against legal claims.

 

If we process your personal data for direct advertising purposes, pursuant to Art. 21 (2) GDPR, you are entitled to submit an objection at any time against processing your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

 

If you would like to exercise your right to object or other data subject rights, simply send us a notification in text form. You can write to us or contact us by email.

III. Provisions for job applicants

Thank you for your interest in applying for a position at our company or your interest if you have already applied. Pursuant to Art. 13 & 14 EU General Data Protection Regulation (EU GDPR), we would like to inform you in the following about the purposes for which we process the application documents (data) we receive from you on a voluntary basis and the rights you have in this regard.

Purposes for which the personal data is processed and the legal basis for processing

We process the information you have provided us with in connection with your application to assess your suitability for the position (or, if applicable, other vacant positions at our companies) and to perform the application process.

The legal basis for processing your personal data in the application process is primarily formed by Sec. 26 German Federal Data Protection Act (BDSG). Pursuant to this, we are permitted to process data that is required in connection with the decision to establish an employment relationship.

Furthermore, we can process personal data relating to your person insofar as it is required for fulfilling legal obligations (Art. 6 (1) (c) GDPR, e.g. reimbursement of travel expenses) as well as for defending legal claims asserted against us in connection with the application process. The legal basis for this is formed by Art. 6 (1) (f) GDPR); the legitimate interest is, for example, a burden of proof in proceedings under the General Act on Equal Treatment Act (AGG). If the need for longer-term storage arises (e.g. for additional vacant positions or positions that become vacant), this will take place based on your written consent (pursuant to Art. 6 (1) (a) GDPR). The same applies to sharing your application data with other companies in our group of companies.

Insofar as special categories of personal data as defined in Art. 9 (1) GDPR are voluntarily submitted as part of the application process, they will also be processed pursuant to Art. 9 (2) (b) GDPR in conjunction with Sec. 26 (3) German Data Protection Act (BDSG) (e.g. severely disabled status). Insofar as special categories of personal data as defined in Art. 9 (1) GDPR are requested from applicants as part of the application procedure, they will also be processed pursuant to Art. 9 (2) (a) GDPR in conjunction with Sec. 26 (2) & (3) (2) German Data Protection Act (BDSG) (e.g. health data if this is required for practising the profession).

Categories and sources of processed personal data

We process personal data that we receive from you or recruiters as part of the application process, such as personal data (name, address and other contact details, date and place of birth, nationality), bank details (for the purpose of reimbursing travel expenses), qualification records (e.g. certificates, assessments and other proof of training), IP addresses and photographs in particular.

Recipients or categories of recipients of personal data

Applicants can submit their applications using the online form on our website. The data is encrypted according to the state of the art and transferred to us. Applicants can also send us their applications by email. Please note, however, that emails are generally not sent in encrypted form and that applicants should provide for encryption themselves. This means that we can take no responsibility for the transfer of the application between the sender and its receipt on our server and therefore recommend using the online form or delivery by post.

On receipt of your application for employment, our Human Resources department will view your data. Suitable applications are then made available internally to the specialist departments responsible for each vacant position. In principle, only those persons in the company have access to your data who need it for the orderly completion of the application process.

Your personal data can be processed on our behalf on the basis of data processing contracts pursuant to Art. 28 GDPR. This applies in particular to IT service providers, cloud computing and applicant management systems and software. Recruiters may also be commissioned as part of the application process. All service providers are mandated by contract to treat your data confidentially.

 

Otherwise, data will only be disclosed to recipients outside the company if this is permitted or required by law, if the disclosure is required to fulfil legal obligations or if we have your consent.

Transfer to a third country (outside EU/EEA) or to an international organisation

A transfer to a third country does not take place and is not planned.

Duration for which personal data is stored and the criteria for determining this

If no employment relationship is established following your application, we keep your candidate data for a maximum of six months from the date you are notified of the rejection decision so that we can answer any follow-up questions concerning your candidature and meet our obligations to provide proof under the General Act on Equal Treatment (AGG). This does not apply if statutory provisions prevent deletion (e.g. the archiving of travel expense reimbursements in accordance with tax law requirements for up to 10 years), if further storage is required for the purpose of providing proof or if you have expressly consented to longer storage. In the event that you consent to the longer storage of your personal data, we transfer your data to our pool of candidates. You data will be deleted from this pool after a year.

If you are accepted for a position in the course of the application process, the relevant and essential data is transferred from the candidate data system to our HR data system.

 

The decision on your application is not based solely on automated processing. No automated decision-making takes place in individual cases as defined in Art. 22 GDPR.

Is there an obligation to provide personal data?

 

You only have to provide the personal data that is required for the application process as part of the application process. There is no obligation to provide us with this data. We will generally not be able to complete the application procedure and make a decision on establishing an employment relationship without this data.

Separate information concerning your right to object pursuant to Art. 21 GDPR

Pursuant to Art. 21 (1) GDPR, for reasons arising from your particular situation, you have the right at any time to object to personal data relating to your person being processed, which takes place based on Art. 6 (1) (f) GDPR (data processing based on a balancing of interests).

If you object, we will no longer process your personal data unless we can establish compelling legitimate grounds for its processing that outweigh your interests, rights and freedoms, or its processing for purposes of asserting, exercising or defending against legal claims.

If you would like to exercise your right to object or other data subject rights, simply send us a notification in text form. You can write to us or contact us by email.

IV. Provisions for participants in video conferences in “MS Teams”

In the following, we inform you about processing personal data on the basis of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) in connection with conducting online meetings using the video conferencing tool “Microsoft Teams”.

Note: Insofar as you access the “Microsoft Teams” website, the provider of “Microsoft Teams” is responsible for data processing. However, you only need to call up the website for using “Microsoft Teams” in order to download the software for use.

If you do not want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” in your browser. The service is then also provided over the “Microsoft Teams” website.

Purpose of processing

We use the “Microsoft Teams” app to conduct telephone and video conferences (hereinafter: “Online Meetings”). “Microsoft Teams” is a service from Microsoft Corporation.

Legal basis for data processing

Insofar as personal employee data from Fastbolt Schraubengroßhandels GmbH is processed, Sec. 26 German Federal Data Protection Act (BDSG) forms the legal basis for data processing. In connection with using “Microsoft Teams”, if personal data is not required for establishing, implementing or terminating the employment relationship, but is still an elementary component of using “Microsoft Teams”, Art. 6 (1) (f) GDPR forms the legal basis for data processing. In these cases, our interest lies is in the effective implementation of “Online Meetings”.

To the extent that the processing of personal data is required in the context of online meetings for fulfilling a contract to which you are a contracting party or for implementing pre-contractual measures that take place at your request, Art. 6 (1) (b) GDPR serves as the legal basis for processing personal data.

If no contractual relationship exists, the legal basis is formed by Art. Art. 6 (1) (f) GDPR. Our interest lies is in the effective implementation of “Online Meetings” here too.

If video and audio recordings need to be made in exceptional cases, this will only take place on the basis of the consent provided by you pursuant to Art. 6 (1) (a) GDPR.

Type and scope of the data processing

We use “Microsoft Teams” to hold “Online Meetings”. If we want to record “Online Meetings”, we inform you clearly in advance and ask for your consent. We will log chat transcripts where necessary for the purposes of logging the results of an “Online Meeting”. However, this will usually not be the case.

Automated decision-making as defined in Art. 22 GDPR does not take place.

The following personal data is subject to processing when using “Microsoft Teams”, whereby the scope of the data also depends on the information you provide before or when participating in an “Online Meeting”:

User details (registration information): e.g. user name, activation and conference codes, email address, first and last name, company, organisation ID, participant IP, profile photo (optional)

Configuration and communication data: e.g. device name, IP address, geodata, time zone, activity logs, hardware type

Conference information: e.g. date, time, duration, number of participants, dial-in method, diagnostic information

Text, audio and video data: you may have the option to use the chat function in an “Online Meeting”. In this connection, the text you enter will be processed in order to display it in the “Online Meeting”. To facilitate the video display and audio playback, data from your personal device’s microphone and any video camera on your device will be processed accordingly for the duration of the meeting. You can disable or mute the camera or microphone yourself at any time in the “MS Teams” apps.

Recipient/data disclosure

With regard to processing personal data in connection with participating in “Online Meetings”, no disclosure to third parties takes place as a matter of principle, unless it is specifically intended for disclosure. Please note that content from “Online Meetings” is often intended precisely for communicating information with clients, prospects or third parties as with face-to-face meetings, and is therefore designed to be shared.

Another recipient is the provider of “Microsoft Teams”, Microsoft Corporation.

Data processing outside the EU/EEA

Data processing in third countries does not take place as a matter of principle, because we and/or the service provider have restricted the storage location to data centres in the EU or the EEA.

However, we cannot rule out the possibility that the service provider also uses servers outside the EU or EEA or that the data is routed through Internet servers that are located outside the EU or EEA. In this case, the conclusion of EU standard data protection clauses primarily guarantees an adequate level of data protection. Furthermore, the data is encrypted during transmission over the Internet as a supplementary protective measure and therefore fundamentally secured against unauthorised access by third parties.

Retention Period

Your personal data that we process in the course of you using “Microsoft Teams” will generally be deleted as soon as it is no longer required for the purposes for which it was collected. A storage requirement may exist, specifically, if the data is still needed to fulfil contractual obligations and fulfil, grant or defend against warranty or, if applicable, guarantee claims. If statutory storage obligations of 6 years or 10 years exist pursuant to commercial and tax law, deletion only comes into consideration once the respective retention obligation has expired. If and insofar as processing is based on your consent, the data is only stored until you revoke your consent, unless another legal basis for the processing exists.

Revocability of your consent

If processing takes place on the legal basis of consent, it can be revoked at any time. Revoking your consent does not affect the lawfulness of the processing that took place until revocation (Art. 7 (3) GDPR).

Right to appeal to a supervisory authority

You have the right to appeal to a supervisory authority responsible for data protection concerning our processing of your personal data.

V. Rights of the data subject

Right to information

You can ask the data controller to confirm whether we process personal data relating to your person.

If we do, you can ask for details from the data controller concerning the following information:

  • The purposes for which your personal data is processed;
  • The categories of personal data processed;
  • The recipients or categories of recipients to whom the personal data relating to your person has been disclosed or is still being disclosed;
  • The amount of time your personal data is planned to be stored for or, if specific information is not available, criteria for determining the duration of storage;
  • The existence of the right to have personal data corrected or deleted, a right to restrict how much it can be processed by the data controller and the right to object to your personal data being processed;
  • The existence of the right of appeal to a supervisory authority;
  • All information available on the data source if the personal data is not collected from the data subject;
  • You are entitled to request information about whether your personal data is transferred to a third country or international organisation. In this relation, you can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

Right to rectification

You have a right to rectification and/or completion vis-à-vis the data controller, if the personal data concerning your person is incorrect or incomplete. The data controller must perform the correction without delay.

Right to restrict processing

You may ask for the personal data relating to your person to be restricted in processing under the following conditions:

  • The accuracy of the personal data relating to your person is contested for a period of time that allows the data controller to verify the accuracy of your personal data;
  • Processing is unlawful and you refuse to have your personal data deleted and instead request the restriction of its use;
  • If the data controller no longer needs your personal data for the purposes of processing, but you need it to establish, exercise or defend against legal claims, or
  • If you have objected to its processing subject to Art. 21 (1) GDPR, and it is not certain that the legitimate reasons of the data controller outweigh your reasons.

If the processing of personal data concerning your person has been restricted, it may only be used with your consent, or for the purpose of asserting, exercising or defending legal claims, or for protecting the rights of another natural person or legal entity or for reasons of important public interest of the European Union or a member state.

If the restriction on processing has been restricted in accordance with the aforementioned conditions, the data controller responsible will inform you before the restriction is lifted.

Right to deletion

a)    Deletion Obligation

You have the right to ask the data controller to delete the personal data relating to your person without delay, and the data controller is obliged to delete it immediately if one of the following is true:

  • If personal data relating to your person is no longer needed for the purposes for which it was collected or otherwise processed;
  • You revoke your consent to processing your personal data pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR and there is no other legal basis for its processing;
  • You object to the processing of your personal data pursuant to Art. 21 (1) GDPR, and there are no legitimate reasons for its processing, or you object to its processing pursuant to Art. 21 (2) GDPR.
  • The personal data relating to your person was processed illegally.
  • Deletion of personal data relating to your person is required to fulfil a legal obligation under European Union law or the law of the member states to which the data controller is subject.
  • The personal data concerning your person was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

b)   Information to third parties

If the data controller has made the personal data concerning your person public and is obliged to delete it subject to Art. 17 (1) GDPR, he shall take appropriate measures, including technical means, to inform data controllers who process the personal data, taking into account available technology and implementation costs, that you as the data subject have requested that all links to such personal data or copies or replications of such personal date be deleted.

c)    Exceptions

The right to deletion does not exist if the data needs to be processed

  • To exercise the right to freedom of expression and information;
  • To fulfil a legal obligation required by the law of the European Union or member states to which data the controller is subject, or to carry out a task in the public interest or in exercising an official power conferred to the data controller;
  • For asserting, exercising or defending against legal claims.

Right to be informed

If you have asserted your right to the rectification, deletion or restriction in processing your personal data to the data controller, he is obliged to notify all recipients to whom your personal data has been disclosed of the corrections that have been made to your data or its deletion, or its restriction in processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the data controller about the identity of these recipients.

Right to data portability

You have the right to receive personal data that concerns your person, which you have provided to the data controller, in a structured, standard and machine-readable format. You also have the right to transfer this data to another data controller without hindrance by the data controller to whom the personal data was provided, insofar as

  • Processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or based on a contract pursuant to Art. 6 (1) (b) GDPR and
  • processing is performed using automated procedures.

In exercising this right, you also have the right to effect that the personal data concerning your person be transferred directly from one data controller to another, insofar as this is technically feasible. The freedoms and rights of other persons are not allowed to be affected by this.

The right to data portability does not apply when personal data is required to perform a task that is in the public interest or in exercising an official power which has been delegated to the data controller.

Right to object

On grounds relating to your particular situation, you have the right to object at any time to the processing of personal data concerning your person which is based on Art. 6 (1) (f) GDPR, including any profiling based on these provisions.

If you object, the data controller will no longer process your personal data unless he can establish compelling legitimate grounds for its processing that outweigh your interests, rights and freedoms, or its processing for purposes of asserting, exercising or defending against legal claims.

Right to withdraw your declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the lawfulness of any processing performed based on the consent you granted until revocation took place.

Right to appeal to a supervisory authority

Without prejudice to another administrative or judicial remedy, you are entitled to complain to a supervisory authority, in particular in the member state where your place of residence, place of employment or place of the alleged breach is located, if you believe that processing your personal data breaches the GDPR.

The supervisory authority to which the complaint is submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

VI.  Contact person for data protection

For questions concerning the collection, processing or use of your personal data, and for information, correction, blocking or deletion of data, please contact:

DSB Münster GmbH
Martin-Luther-King-Weg 42-44
D-48155 Münster
datenschutz@fastbolt.com