We, the Gemeinnützige Hertie Stiftung (hereinafter “GHST”), Grüneburgweg 105, 60323 Frankfurt, Germany herewith inform you about the processing of personal data for which we are responsible in the sense of the EU General Data Protection Regulation (GDPR).

You can reach our data protection officer by sending an e-mail to ghst(at)daspro.de or by sending a letter to DPO GHST, daspro GmbH, Kurfürstendamm 21, 10719 Berlin.

Below we have compiled the most important information on typical data processing for you, broken down by groups of data subjects. For certain data processing operations, which only concern specific groups, the information requirements are fulfilled separately.

Where the term "data" is used, only personal data within the meaning of the GDPR are meant.

  1. Website Visitors
  2. Members of the Fellows & Friends Online Forum
  3. Participants in other projects and events of GHST
  4. Participants in online events via Zoom
  5. Applicants or a project or event of GHST
  6. Fellows/Alumni of GHST
  7. Newsletter Recipients
  8. Business Partners and their Employees
  9. Interested Parties and Communication Partners
  10. Rights of Data Subjects and Further Information

1. Website Vistors

1.1 Server log data
When using the website, certain information is sent to the server of our website by the browser used on your device for technical reasons. This data is stored and processed on our server.
(i) We process the following data for the purpose of providing the contents of the website that you have visited, to ensure the security of the IT infrastructure used, to correct errors, to enable and simplify searches on the website and to manage cookies. A change of the purpose is not planned.
(ii) The data processed is HTTP data: HTTP data is protocol data that is generated for technical reasons when the Website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (e.g. when requesting third-party content).
(iii) The legal basis for the processing is our legitimate interest in the operation of an internet presence and the communication with communication partners in accordance with Article 6 (1) (f) GDPR.
(iv) The data is automatically transmitted by the browser of the website visitor.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) The server data is not logged, but deleted immediately.
(vii) Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

1.2 Technically required cookies
We use cookies on our website. Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.
You can generally deactivate cookies at any time in your browser. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the website may not function or no longer function properly if you generally deactivate cookies in your browser.

Session Cookies
We use session cookies to manage the login. It enables us to save individual settings and certain user actions for the duration of your visit (e.g. login, language settings).
(i) The purpose of data processing is to enable the login and user-specific settings (e.g. language).
(ii) The processed data are account data and the language selection.
(iii) The legal basis for the processing is our legitimate interest in making the individual sessions available to the users, including the respective language setting, in accordance with Article 6 (1) (f) GDPR.
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) The cookie will only be set after successful login and will be deleted automatically after logout. Otherwise the cookie expires automatically after 24 hours.
(vii) Without disclosure of personal data, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

1.3 Multi- and social media content from third party providers
We integrate multimedia content and content from social media platforms into our website. A data collection of the respective third party providers only takes place if you activate the respective content by clicking on it separately.

a) Facebook
By clicking on the Facebook content to view the Facebook content, you agree that we allow Facebook to collect data for its own purposes. We do this by embedding content stored on Facebook into our website. With this embedding, content from the Facebook website is displayed in parts of a browser window. Before clicking on the respective Facebook content, no data is transmitted to Facebook and no cookies are stored on your device.
As soon as you click on the Facebook content to display the Facebook content, the content is loaded from Facebook. Technically, the same thing happens then as would happen if you clicked a link to go to the Facebook website: Facebook receives all information that your browser automatically transmits (including your IP address). Facebook also sets its own cookies on your device. This also happens if you do not have a Facebook user account. If you are logged in to Facebook, your data will be associated directly with your account. If you do not want the association to your Facebook user account, you must log out of Facebook before activating Facebook content.
The collection and processing of this data is the sole responsibility of Facebook Ireland Limited, Harbour, D2, 4 Grand Canal Quay, Square, Dublin, Ireland. We have no knowledge of further details of the processing of personal data in the area of data controllership of Facebook or a data processing in the USA. GHST has no influence on the data processing of Facebook.
For information about the processing of personal data by Facebook, please refer to the Facebook Privacy Policy: https://www.facebook.com/about/privacy/.

b) Twitter
By clicking on the Twitter content to view the Twitter content, you agree that we allow Twitter to collect data for its own purposes. We do this by embedding content stored on Twitter into our website. With this embedding, content from the Twitter website is displayed in parts of a browser window. Before clicking on the respective Twitter content, no data is transmitted to Twitter and no cookies are stored on your device.
As soon as you click on the Twitter content to display the Twitter content, the content is loaded from Twitter. Technically, the same thing happens then as would happen if you clicked a link to go to the Twitter website: Twitter receives all information that your browser automatically transfers (including your IP address). Twitter also sets its own cookies on your device. This also happens if you do not have a Twitter user account. If you are logged in to Twitter, your data will be associated directly with your account. If you do not want the association to your Twitter user account, you must log out of Twitter before activating Twitter content.
The collection and processing of this data is the sole responsibility of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. We have no knowledge of further details of the processing of personal data in the area of data controllership of Twitter or a data processing in the USA. GHST has no influence on the data processing of Twitter.
For information about the processing of personal data by Twitter, please refer to the Twitter Privacy Policy: https://twitter.com/en/privacy.

c) YouTube Embedding (Privacy Enhanced Mode)
If you click on the Youtube videos to play the videos, you agree that we allow Google as the provider of the Youtube service to collect data for its own purposes. The collection and processing of this data is the sole responsibility of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider.
We include videos into our website that are stored on YouTube. With this embedding, content of YouTube is displayed in parts of a browser window. However, the YouTube videos are only accessed by clicking on them separately. The embedding of YouTube content is carried out in the so-called "Privacy Enhanced Mode". This is provided by Google as the provider of YouTube and thus ensures that no data is transmitted to Google and no cookies are stored on your device before a click to play the video.
As soon as you click the YouTube videos to play the videos, the video is loaded from YouTube. Technically, the same thing happens then as would happen if you clicked a link to go to the YouTube website: YouTube receives all information that your browser automatically transmits (including your IP address). YouTube also sets its own cookies on your device. This also happens if you do not have a YouTube user account. If you are logged in at YouTube or Google, your data will be associated directly with your account. If you do not want the association to your YouTube or Google user account, you must log out of YouTube and Google before clicking on the video.
We have no knowledge of further details of the processing of personal data in the area of data controllership of Google or a data processing in the USA. GHST has no influence on the data processing of Google.
For information about the processing of personal data by Google, please refer to the Google Privacy Policy: https://policies.google.com/privacy?hl=en-US.

d) Xing
If you click on the Xing content to view the Xing content, you agree that we allow Xing to collect data for its own purposes. We do this by embedding content stored on Xing into our website. With this embedding, content of the Xing website is displayed in parts of a browser window. Before clicking on the respective Xing content, no data is transmitted to Xing and no cookies are stored on your device.

As soon as you click on the Xing content to display the Xing content, the content is loaded from Xing. Technically, the same thing happens then as would happen if you clicked a link to go to the Xing website: Xing receives all information that your device automatically transfers (including your IP address). Xing also sets its own cookies on your device. This also happens if you do not have a Xing user account. If you are logged in to Xing, your data will be associated directly with your account. If you do not want the association to your Xing user account, you must log out of Xing before activating Xing content.

The collection and processing of this data is the sole responsibility of New Work SE, Dammtorstr. 30, 20354 Hamburg as the provider of Xing. We have no knowledge of further details of the processing of personal data in the area of data controllership of Xing or a data processing in the USA. GHST has no influence on the data processing of Xing.

For information about the processing of personal data by Xing, please refer to the Xing Privacy Policy: https://privacy.xing.com/en/privacy-policy.

e) LinkedIn
If you click on the LinkedIn content to view the LinkedIn content, you agree that we allow LinkedIn to collect data for its own purposes. We do this by embedding content stored on LinkedIn into our website. With this embedding, content of the LinkedIn website is displayed in parts of a browser window. Before clicking on the respective LinkedIn content, no data is transmitted to LinkedIn and no cookies are stored on your device.

As soon as you click on the LinkedIn content to display the LinkedIn content, the content is loaded from LinkedIn. Technically, the same thing happens then as would happen if you clicked a link to go to the LinkedIn website: LinkedIn receives all information that your device automatically transfers (including your IP address). LinkedIn also sets its own cookies on your device. This also happens if you do not have a LinkedIn user account. If you are logged in to LinkedIn, your data will be associated directly with your account. If you do not want the association to your LinkedIn user account, you must log out of LinkedIn before activating LinkedIn content.

The collection and processing of this data is the sole responsibility of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We have no knowledge of further details of the processing of personal data in the area of data controllership of LinkedIn or a data processing in the USA. GHST has no influence on the data processing of LinkedIn.

For information about the processing of personal data by LinkedIn, please refer to the LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy

2. Members of the Fellows & Friends Online Forum

(i) We process your data for the purpose of offering an online Forum as a platform for a cross-foundation exchange of all Hertie Fellows in innovative professional groups and expert Forums. A change of these purposes is not planned.
(ii) The processed data are:

 Registration data (registration via e-mail)
The registration data includes name, place of residence, e-mail address, password, program as well as further details about the connection to GHST, professional position, requested networks and programs of Fellows & Friends, and a confirmation of age.

 LinkedIn registration data (registration via LinkedIn)
The LinkedIn registration data includes the login data and profile data of the LinkedIn profile, as well as a unique LinkedIn ID, which is generated individually for each LinkedIn API, and corresponding verification token.

 Profile data
You can decide for yourself which of the registration data in your profile should be displayed for everyone in the Forum (except passwords, LinkedIn ID and verification token).

 Content and posts within the Forum
In addition, we process content and posts that you post or publish within the Forum (blog posts, articles, postings, comments, etc).

(iii) The legal basis for the processing is Article 6 (1) (b) GDPR (membership agreement for Fellows & Friends Online Forum).
(iv) The recipients of the profile data and your content and posts within the Forum are the other members of the Fellows & Friends Online Forum. If you join a public group within the Fellows & Friends Online Forum, non-members can also be recipients of your name and photo (if set accordingly). However, group-specific privacy settings are possible within the public and non-public groups of Fellows & Friends Online Forum. We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems. If you allow a connection to your LinkedIn profile and log in to the Fellows & Friends Online Forum using your LinkedIn registration details, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland is solely responsible for the processing of personal data in your LinkedIn profile. GHST has no influence on the data processing of LinkedIn. The LinkedIn Privacy Policy applies: https://www.linkedin.com/legal/privacy-policy

According to LinkedIn, you can deactivate the sharing of data from your LinkedIn profile to third parties (in this case GHST) at any time by yourself in your LinkedIn profile in the Privacy Section.
(v) The data of members of the Fellows & Friends Online Forum will only be deleted when the membership ends. Within the public and non-public groups of the Fellows & Friends Online Forum, group-specific privacy settings are also possible with regard to the storage period. Members can change all information in their profile at any time or delete their profile completely. Booking relevant data will be stored for a period of ten calendar years.
(vi) Without disclosure of personal data, a membership in the Fellows & Friends Online Forum is not possible.

3. Participants in other projects and events of GHST

(i) We will process your data for the purpose of carrying out projects and events as well as for the documentation of the projects and events by means of image and sound recordings and the use of the resulting recordings for the purpose of press and public relations work. A further purpose is the transfer of participant data to the cooperation partners named in the context of the individual project and event for the purposes stated in each case. A change of these purposes is not planned.
(ii) The processed data is participant data, which can vary from project to project/event to event. Usually, however, it is the names and contact details of the participants and sometimes photos of the participants or individual project results. Further details are always provided in the context of the specific project or event.
(iii) The legal basis for the processing of participant data in projects and events is Article 6 (1) (b) GDPR (contract to hold the event) and Article 6 (1) (c) GDPR (statutory obligations, in particular tax and commercial law provisions). The legal basis for the production of image and sound recordings is your consent in accordance with Article 6 (1) (a) GDPR and Article 6 (1) (f) GDPR (legitimate interest in the documentation of the events we hold and our legitimate interest in the presentation of GHST through press and public relations work). Your consent is given voluntary, participation in the event is also possible without the provision of your consent for recordings. As far as participants in projects and events who are under 16 years of age are concerned, the consent is given by the holder of parental responsibility or the consent of the child is given with the consent of the holder of parental responsibility (Article 8 (1) sentence 2 GDPR). The legal basis for the transfer of participant data to the cooperation partners named in each individual project and event is Article 6 (1) (f) GDPR (legitimate interest in carrying out the project or event).
(iv) For the purpose of press and public relations work, the recipients of the image and sound recordings can be anyone, in particular journalists, media companies, press and photo agencies, members, employees, website visitors, users of social media, as well as service providers we use as processors within the framework of a data processing agreement, in particular commissioned web hosting companies, IT and media service providers. Recipients of the participant data are the cooperation partners named in the context of the individual project and event. Unless otherwise specified in the context of the individual project or event, the cooperation partners are independent data controllers for their processing of personal data. Further details on the data processing of the cooperation partners can be found in the privacy policies of the cooperation partners, which are specified in the context of the respective project and event.
(v) When publishing image and sound recordings on the internet (GHST website, social media platforms of GHST, film recordings in videos (e.g. YouTube)), data is regularly transferred to so-called third countries outside the European Union, which are to be regarded as unsafe third countries in terms of data protection. GHST has no influence on how the social media providers handle the data. GHST has no knowledge of whether and for what purposes the data is further processed in the third country.
(vi) Archived image and sound recordings of the event as well as publications are generally not deleted. All contractual and booking relevant data will be stored in accordance with tax and commercial law retention periods for a period of ten calendar years after the end of the contract. Further data collected in the course of the event will be deleted six months after the event has taken place.
(vii) The provision of data is contractually obligatory for participation in events. It is not possible to participate in events and projects without providing personal data. The production of image and sound recordings is not obligatory for participation in the event. If you do not wish to be part of image and sound recordings, please inform our staff at the event location.

4. Participants in online events via Zoom

(i) The purpose of the processing of participant data is to organize, carry out and document online events of GHST via Zoom. If we point this out separately in the context of the individual online event and you give your consent, the online event will be recorded and the recording will be published on the website, the YouTube channel of GHST or other channels specified separately. A change of these purposes is not planned.
(ii) The data of the participants processed by GHST as data controller in the context of the online event of GHST via Zoom are:

 Participant data
Name and surname, e-mail address

 Zoom conference data
Name and e-mail address of the participants
Meeting meta data: Topic, IP address, device/hardware information
Telephone data: For dial-in with telephone, information on incoming and outgoing telephone number, country name, start and end time, additional connection data if necessary.

 Communication data
Within the online event, your communication data in the form of questions, requests to speak or vote, as well as chat content will be processed. You always decide yourself whether and in what form you want to participate.

 Image, sound and video data (and, in case of consent, the corresponding recordings)
Within the online event via Zoom, image, sound and video data of the participants will be processed. However, each person is always free to decide whether they want to switch on their camera and microphone, or whether they just want to communicate via the chat window. If we have obtained your consent in this regard, the online event will be recorded, including the image, sound and video data of the participants.

 Payment data (only for online events with costs)
For paid online events we also process payment data.

(iii) The legal basis for the processing of participant data for the purpose of holding the online event via Zoom is your consent in accordance with Article 6 (1) (a) GDPR. The legal basis for the production and publication of the recordings on the website of GHST or on other specified channels is also your consent in accordance with Article 6 (1) (a) GDPR.
(iv) You may revoke your given consent at any time with effect for the future. The revocation does not affect the lawfulness of the processing that took place before the revocation. Therefore, publications already made (e.g. on websites or in social media) will not be deleted.
(v) The participant data and payment data is actively provided by the data subjects during the registration process for the online event of GHST. The Zoom conference data is also actively provided by the data subjects or automatically by the browser or devices of the data subjects. The image, sound or video data and communication data are automatically collected, the recordings of the image, sound and video data are made by GHST.
(vi) The participant data (and payment data) will be deleted after ten years (legal retention periods due to participation in the online event). The Zoom conference data and communication data will be usually deleted three months after the online event of GHST has taken place, unless otherwise specified in the context of the individual event. The image, sound and video data as well as the corresponding recordings and the selected archived material will not be deleted. However, the excess raw material of the recordings will be deleted three months after the online event has taken place. In addition, you can request the deletion of your personal data at any time, unless we are legally or contractually obliged or entitled to further process the data.
(vii) The recipients of the name, communication data and image, sound and video data are always the moderators and other participants of the respective online event of GHST. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems, in particular the service provider Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA. The basis for data processing in the USA is your consent (Article 49 (1) (a) GDPR). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future. We have concluded the EU standard contractual clauses with Zoom Video Communications, Inc., so that Zoom Video Communications, Inc. may process your data only for our purposes.

If you create your own profile and register accordingly when you log in to Zoom, Zoom Video Communications, Inc. is solely responsible for the processing of this personal data. We have no knowledge of further details of data processing in the area of data controllership of Zoom Video Communications, Inc. or a data processing in the USA.

For information about the processing of personal data by Zoom Video Communications, Inc. please refer to the Zoom Video Communications, Inc. Privacy Policy: https://zoom.us/privacy.

Recipient of the published image, sound and film recordings including the names of the participants can be anyone, in particular journalists, press agencies, members, employees, website visitors, users of social media, etc., as well as service providers which are used as processors within the framework of a data processing agreement, in particular commissioned web hosting companies and IT and media service providers.

When publishing recordings on the internet (GHST website, videos on e.g. YouTube), data is regularly transferred to so-called third countries outside the European Union, which are to be regarded as unsafe third countries in terms of data protection. GHST has no influence on how the social media providers handle the data. GHST has no knowledge of whether and for what purposes the data is further processed in the third country.

5. Applicants for a project or event of GHST

(i) The purpose of the data processing is to carry out the application process and to select the participants for the respective project or event of GHST. A change of these purposes is not planned.
(ii) The legal basis for data processing is the initiation of a contract for participation in the project or event (Article 6 (1) (b) GDPR). If you do not apply directly yourself, but are proposed, for example, the legal basis is the legitimate interest of GHST in knowing the persons proposed for the project in question and their professional qualifications (Article 6 (1) (f) GDPR).
(iii) The personal data will be passed on internally to the employees responsible. In addition, some of the data will be passed on to a review board and project partners during the application process. In addition, we use service providers as processors within the framework of a data processing agreement in the selection processes, as for the provision, maintenance and servicing of IT systems.
(iv) The applicant data for the study programs, research and further education events will be deleted six months after the end of the application process. All contractual and booking relevant data will be stored in accordance with tax and commercial law retention periods for a period of ten calendar years after the end of the contract.
(v) Without the data, participation in the application processes for projects and events of GHST is not possible.

6. Fellows/Alumni of GHST

(i) The purpose of the processing is the participation in fellows/alumni programs of GHST and its organization and documentation. A change of this purpose is not planned.

(ii) The processed data are:
 Master data, name, gender, title, contact data (electronic, postal), birthday, nationality, affiliation to GHST.
 Information on profession, qualifications, education and curriculum vitae, fields of interest, self-description.
 Photographs and independently generated content (pictures, comments, posts).
 Bank details (e.g. for donations)
 Applications, registration data to events (e.g. food requests)

(iii) Legal basis for the processing is your given consent for participation in the fellows/alumni program of GHST in accordance with Article 6 (1) (a) GDPR and Article 6 (1) (c) GDPR (statutory obligations, in particular tax and commercial law provisions).
(iv) The recipients of the data may be other participants in the fellows/alumni programs of GHST for the purpose of networking. We use service providers as processors within the framework of a data processing agreement for the provision of services, in particular for the provision, maintenance and servicing of IT systems.
(v) The data of participants in the fellows/alumni program will only be deleted when cancelling the fellows/alumni program.
(vi) Without the data, the participation in the fellows/alumni program of GHST is not possible.

7. Newsletter Recipients

(i) The purpose of the processing is to send newsletters. A change of this purpose is not planned.
(ii) The legal basis for the processing of data for newsletters is your consent (Article 6 (1) (a) GDPR). In the case of newsletter recipients who are under 16 years of age, consent is given by the holder of parental responsibility or the consent of the child is given with the consent of the holder of parental responsibility (Article 8 (1) sentence 2 GDPR).
(iii) We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.
(iv) Data relating to newsletters will be deleted when you unsubscribe.
(v) Personal data is required to receive newsletters. Without providing personal data, the newsletters cannot be sent.

8. Business Partners and their Employees

(i) The purpose of the processing is the initiation and perfomance of contracts and communication with employees of business partners. A change of this purpose is not planned.
(ii) The legal basis for processing is Article 6 (1) (b) GDPR (initiation and perfomance of the contract) in the case of contracts with natural persons, Article 6 (1) (f) GDPR (legitimate interest, namely communication with contractually relevant contact persons) in the case of contracts with legal persons, and always Article 6 (1) (c) GDPR (statutory obligations, in particular tax and commercial law provisions).
(iii) The recipients of data may be banks for the processing of payments. Authorities and offices may be recipients within the scope of their duties, insofar as we are obliged or entitled to transfer data. We also use service providers as processors within the framework of a data processing agreement for the provision of services, in particular for the provision, maintenance and servicing of IT systems.
(iv) All contractual and booking relevant data will be stored in accordance with tax and commercial law retention periods for a period of ten calendar years after the end of the contract.
(v) The provision of data is obligatory for business partners and employees of business partners based on statutory and contractual regulations. The business relationship cannot be established and carried out without providing data.

9. Interested Parties and Communication Partners

(i) The purpose of the processing is the communication with interested parties and communication partners of GHST. A change of this purpose is not planned.
(ii) The legal basis for the processing of interested parties and other communication partners is Article 6 (1) (f) GDPR (legitimate interest, namely communication with interested parties and communication partners).
(iii) The inquiries will be passed on internally to the employees responsible. We also use service providers as processors within the framework of a data processing agreement for the provision of services, in particular for the provision, maintenance and servicing of IT systems.
(iv) Inquiries and communication will be deleted automatically after ten calendar years.
(v) The provision of data is obligatory for interested parties and communication partners. Without the provision of data, communication is not possible.

10. Rights of Data Subjects and Further Information

(i) We do not use any methods of automated individual decision-making.
(ii) You have the right to request information at any time about all your personal data which we are processing.
(iii) If your personal data is incorrect or incomplete, you have the right to have it rectified and completed.
(iv) You can request the erasure of your personal data at any time, as long as we are not bound by legal obligations that require or allow us to continue processing your data.
(v) If the applicable legal requirements are met, you can request a restriction to the processing of your personal data.
(vi) You have the right to object to the processing, insofar as the data processing is based on profiling or direct marketing purposes.
(vii) If the processing is carried out on the basis of the balancing of interests, you may object to the processing by stating reasons arising from your particular situation.
(viii) If the data processing takes place on the basis of your consent or a contract, you have the right to a transfer of the data provided by you, insofar as the rights and freedoms of others are thereby not impaired.
(ix) If we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with future effect. The processing carried out prior to a revocation remains unaffected by the revocation.
(x) Moreover, you have the right to file a complaint at any time with a data protection supervisory authority, if you believe that data processing has been carried out in violation of the applicable law.

Version: November 2020