Skip to content
nebelverhangene Landschaft in der Toskana
Immobilien-Suche
Object ID search

Our Privacy Policy

Privacy Policy for the website www.toscana.de
(last updated: May 2018)

Download: Information sheet for property customers

Privacy Policy

The company Toscana Landhäuser GmbH has summarised the conditions under which personal data is processed on this website in this Privacy Policy, which meets the requirements of the General Data Protection Regulation (GDPR). In principle, use of the website www.toscana.de is possible without providing personal data. This may require settings to be made in order to disable certain services mentioned in this Privacy Policy. If certain services on this website are used, personal data may be transmitted. The details can be found in the following sections of this Privacy Policy.

I. Some terms used in this Privacy Policy

Controller
Toscana Landhäuser GmbH, represented by its Managing Director, for this website
– Personal data
All data relating to an identified or identifiable person; see Art. 4 GDPR
–Processing
Procedures with or without the aid of automated practices, such as collection, recording, organisation, arrangement, storing, adaptation, modification, reading, retrieval, use and disclosure, by means of transmission, dissemination, provision, comparison, linking, erasure or destruction, in connection with personal data
– Consent
An express declaration by which the data subject indicates that he or she agrees to the processing of personal data
– Erasure
The deletion in full of any traces of data, without it being recoverable
– Blocking
Restriction of the processing of personal data if retention obligations or legal requirements or any possible legal prosecution prevent the Controller from deleting personal data
– Recipient
The destination (person, company) to which personal data is transferred, if applicable.

II. Name and address of the Controller

The Controller within the meaning of the data protection regulations is:

Toscana Landhäuser GmbH Friedrichstrasse 120
10117 Berlin
Germany

Managing Director: Corinna Hohmuth

Telephone: +49 (0)731-967330
Fax: +49 (0)731-9673333

Email: info@toscana.de

III. Name and address of the Data Protection Officer

The company Toscana Landhäuser GmbH does not have to appoint a Data Protection Officer under with the legal requirements of the GDPR.

IV. General information on data processing

1. The scope of the processing of personal data

We process your personal data only insofar as this is necessary to provide a functioning website, as well as our content and our services. We regularly process the personal data of our users, but only with their consent. An exception applies in cases in which prior consent cannot be obtained for reasons in practice and the processing of the data is permitted by statutory provisions.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject to process their personal data, Art. 6 para. 1 a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is needed in order to perform a contract to which the data subject is a party, Art. 6 para. 1 b) GDPR serves as the legal basis. This also applies to processing operations that are necessary in order carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 d) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or of a third party, and the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 f) GDPR serves as the legal basis for the processing.

3. Collaboration with third parties

In the context of us processing personal data, it may be the case that this data is transferred to third parties. These third parties may also be commissioned processors of ours. This will only take place on the basis of legal permission to do so, if you have consented to your data being passing on, if a legal obligation provides for this, or if our legitimate interests according to Art. 6 para. 1 sentence 1 f) GDPR allow this. If third parties receive personal data from us on the basis of a commission for data processing, the transfer of this data shall take place in accordance with Art. 28 GDPR.

4. Processing in third countries

It is possible that personal data may be transferred to third countries, including outside the EU, within the framework of our processing activities. If this is the case, this will be done on the basis of our legitimate interests and the consent you have provided as part of the fulfilment of existing (pre)contractual obligations or legal requirements. Where processing takes place in third countries, this is done in accordance with Art 44 GDPR, i.e., on the basis of special guarantees of compliance with the data protection level applicable in the EU, which in the USA, for example, is done through the Privacy Shield, or by observing special contractual obligations.

5. Erasure of data and duration of retention

The personal data of the data subject will be erased or blocked as soon as the purpose of its retention no longer applies. In addition, the data may be stored if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the Controller is subject. Blocking or erasure of data will also be carried out once a retention period prescribed by the above-mentioned standards elapses, unless further retention of the data is necessary in order to conclude or perform a contract or fulfil any other legal obligation.

V. Provision of the website and creation of log files

1. Description and scope of the data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:

  1. (1) Information about the browser type and the version used
  2. (2) The user’s operating system
  3. (3) The user’s internet service provider
  4. (4) The IP address of the user, and, if applicable, the previously visited website
  5. (5) The date and time of access
  6. (6) The websites from which the user’s system accesses our website
  7. (7) The websites accessed by the user’s system via links on our website

The data is also stored in our system’s log files. This data is not stored together with any other personal data pertaining to the user.

2. Legal basis for the data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 f) GDPR also lies in these purposes.

3. Purpose of the data processing

The system needs to temporarily store the IP address in order to enable the website to be delivered to the user’s computer. To this end, the IP address of the user must be stored for the duration of the session.

Data is saved in log files to ensure the functionality of the website. The data is also used by us to optimise the website and ensure the security of our information technology systems. We do not evaluate this data for marketing purposes. Our legitimate interest in data processing in accordance with Art. 6 para. 1 f) GDPR also lies in these purposes.

4. Duration of retention

All data is erased as soon as it is no longer required to achieve the purpose for which it was collected. In the event that the data was collected in order to provide the website, it will be deleted once the session in question ends.

Should any data be saved in log files, it will be deleted within seven days at the latest. Retention beyond this point is possible. In this case, the user’s IP address will be erased or distorted, so that the accessing client can no longer be identified.

5. Possibility of objection and elimination

The collection of data to make the website available and the storage of the data in log files is essential in order to operate the website. Consequently, users cannot object to its collection.

VI. Hosting services

We use hosting services, which we make use of from a partner (third party and recipient of data) for the purpose of providing this website and the services associated therewith. Personal data is processed within the context of this hosting, in particular, the data from the log files and cookies, but also communication data from the contact forms, etc., of data subjects. The purpose of this processing is to provide our online offering. Our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 f) GDPR also results from this. The data will be erased as soon as it is no longer required to provide the offering. There is no possibility of objection on the part of the user. There is an agreement with the partner in accordance with Art. 28 GDPR.

VII. Use of cookies

a) Description and scope of the data processing

Our website uses cookies. Cookies are text files that are stored within or by the internet browser on your computer system. If a user visits a website, a cookie may be stored on that user’s operating system. This cookie contains a characteristic

string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that your browser be identifiable as you move on to another page within the site.

If you do not want cookies to be saved, you will be asked to disable the setting in your own Internet browser. Please note that this may result in you not being able to use all of the features of the website in full.

The following data is stored and transmitted in the cookies: a list of the stored data follows. Examples may include:

  1. (1)  Language settings
  2. (2) Items in a shopping basket
  3. (3)  Log-in information

In the event that cookies that are not technically essential are used:

We also use cookies on our website that enable an analysis of the surfing behaviour of users.

This allows the following data to be transmitted:
a list of the data collected follows. This may include, for example:

  1. (1) Search terms entered
  2. (2)  Frequency of page views
  3. (3) Use of website features

The user data collected in this way is pseudonymised using technical means. It is therefore no longer possible to match the data to the user accessing the site. The data is not stored together with the user’s other personal data.

When accessing our website, users are informed about the use of cookies for analytical purposes by means of an information banner and are referred to this Privacy Policy. A note is also included in this context as to how the user can disable the storage of cookies in their browser settings.

When accessing our website, the user is informed about the use of cookies for analysis purposes, and their consent to the processing of the personal data used in this connection

is obtained. Reference is also made in this regard to this Privacy Policy.

b) Legal basis for the data processing

The legal basis for the processing of personal data by using cookies is Art. 6 para. 1 f) GDPR.

The legal basis for the processing of personal data using technically essential cookies is Art. 6 para. 1 f) GDPR.

The legal basis for the processing of personal data by using cookies for analytical purposes, if the user’s consent to this has been obtained, is Art. 6 para. 1 a) GDPR.

c) Purpose of the data processing

The purpose of using such technically essential cookies is to make the website easier to use. Some features of our website cannot be made available without the use of cookies. In order for that to be possible, it is necessary for your browser to remain recognisable as you make your way through our site.

We require cookies for the following applications:
a list of the applications follows. Examples may include:

  1. (1) Shopping baskets
  2. (2)  Applying language settings
  3. (3)  Remembering search terms

The user data collected by technically essential cookies is not used to create user profiles.

The analysis cookies are used to improve the quality of our website and its content. By analysing cookies, we learn how the website is used and can thus constantly optimise our offering.

Our legitimate interest in the processing of personal data according to Art. 6 para. 1 f) GDPR also lies in these purposes.

e) Duration of retention, possibility of objection and elimination

Cookies are stored on the user’s computer and are transmitted to our site. As a user, you, therefore, have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be erased at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all features of the website in full.

The transmission of flash cookies cannot be prevented by changing the browser settings; however, it can be prevented by changing the settings of the flash player.

VIII. Contact form and email contact as well as frames and links

1. Description and scope of the data processing

Various places on our website feature a contact form that can be used contacting us electronically. If a user accept this option, the data entered in the input screen will be transmitted to us and saved. This data includes: surname, first name, email address and, usually, the IP address of the user and the date and time of registration.

During the submission process, your consent to the processing of this data is obtained, and reference is made to this Privacy Policy.

Alternatively, you may contact us via the email address provided. In this case, the user’s personal data that is transmitted along with the email will be stored.

The data may be processed in a customer relationship management system or a comparable digital system.

2. Legal basis for the data processing

The legal basis for processing the data, if the user’s consent to this has been obtained, is Art. 6 para. 1 a) GDPR.

The legal basis for processing data that is transmitted in the course of sending an email is Art. 6 para. 1 f) GDPR. If you send us an email with the intention of entering into a contract with us, this creates an additional legal basis for processing under Art. 6 para. 1 b) GDPR.

3. Purpose of the data processing

Personal data that is provided in contact forms is processed solely for our own purposes, in order for us to deal with your contact request. In the event that we are contacted by email, this also constitutes our necessary legitimate interest in the processing of the data.
The other personal data that is processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of retention

All data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the contact form input mask and that which is sent by email, this is the case once the conversation in question has ended, or, if the reason for making contact is linked to a pre-contractual measure or a contract, once this has expired and there are no more legal retention periods. The conversation is deemed to have ended once the circumstances indicate that the matter in question has been finally resolved. We routinely review the necessity of further processing data every two years, and we observe the legal retention periods.

The additional personal data that is collected during the submission process will be erased at the latest after a period of seven days.

5. Possibility of objection and elimination

The user has the option of revoking their consent to the processing of their personal data at any time. If a user has contacted us by email, they can object at any time to the storage of their personal data. If this right is exercised, it will not be possible to continue the conversation. Consent can be revoked by sending an email to info@toscana.de.

In such cases, all personal data that was stored as part of the process of making with us will be erased.

Please note that our website also includes integrated contact forms/iframes/links to external providers:

  • www.makler-empfehlung.de, with the reviews there
  • www.immowelt.de
  • www.immonet.de
  • www.ivd.net
  • www.bellevue.de
  • www.luxuryrealestate.com
  • www.ivd24.de
  • www.immobilienscout24.de

We would like to point out that personal data is also collected and processed on the websites of these providers; however, we do not have access to the revocation system or cancellation option there. The data will only be forwarded for the purpose of the request made by the data subject. The legal basis for the processing of users’ personal data is Art. 6 para. 1 f) GDPR.

IX. Google Analytics

1. Description and scope of the data processing

We use Google Analytics on our website. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Google uses cookies (see above). The information generated by the collection of such cookies is transferred to a Google server in the USA and stored there. Google guarantees that the data protection regulations are observed and is certified under the Privacy Shield Agreement. We use Google Analytics with IP anonymisation enabled, where the IP address is truncated. Only in exceptional cases will the full IP address be transferred to the USA and truncated there.

2. Legal basis for the data processing

The legal basis for the processing of data is Art. 6 para. 1 f) GDPR.

3. Purpose of the data processing

The processing of personal data serves to enable us to improve our online presence and to evaluate user behaviour on our website. Google uses the personal data that is transmitted to perform evaluations of the user behaviour on our website. In addition, other Google services are offered to us. Google does not combine the transmitted IP address, or parts thereof, with other personal data.

4. Duration of retention

All data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the contact form input mask and that which is sent by email, this is the case once the conversation in question has ended, or, if the reason for making contact is linked to a pre-contractual measure or a contract, once this has expired and there are no more legal retention periods. The conversation is deemed to have ended once the circumstances indicate that the matter in question has been finally resolved. We routinely review the necessity of further processing data every two years, and we observe the legal retention periods.

The additional personal data that is collected during the submission process will be erased at the latest after a period of seven days.

5. Possibility of objection and elimination

Users can disable the provision of cookies in their browser. This may then result in the functionality of the website being restricted. You can prevent the data that is generated by cookies about your use of the website from being passed on to Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on the use of data for advertising purposes by Google, settings options and possibilities for objection can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners/

(“How Google uses data when you use our partners’ websites or apps”),

http://www.google.com/policies/technologies/ads
(“Use of data for advertising purposes”),

http://www.google.com/settings/ads
(“Manage information that Google uses to show you ads”) and

http://www.google.com/ads/preferences/
(“Determine which ads Google shows you”).

X. Google Fonts

We integrate fonts from Google (Google FONTS). The address of the provider is as under Google Analytics. Personal data may be transmitted here; see Google Analytics. For further information, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de. There is the possibility of opting out via the following link: https://adssettings.google.com/authenticated 

XI. Google Maps

We integrate maps from Google (Google Maps). The address of the provider is as under Google Analytics. Personal data may be transmitted here; see Google Analytics. For further information, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de.

There is the possibility of opting out via the following link: https://adssettings.google.com/authenticated

XII. YouTube

We integrate videos from the platform Youtube, from the provider Google, on our website; the address of the provider is as under Google Analytics. Personal data may be transmitted here; see Google Analytics. For further information, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de.

In addition, further cookies are set when a video is played. Furthermore, personal data may be transmitted to YouTube and linked to an existing Google profile there if you have an account there and are logged in. If you wish to prevent this transfer, please log out of your account before using the service.

There is the possibility of opting out via the following link: https://adssettings.google.com/authenticated

XIII. Social plug-ins

We use various social plug-ins on our website, which involve both the collection of personal data and the forwarding of this data onto these providers.

We use the following social plug-ins on the basis of our legitimate interests (i.e., our interest in analysing and optimising our website and operating it economically in accordance with Art. 6 para. 1 f) GDPR.

1. Use of Facebook social plug-ins

Plug-ins from the social network Facebook, provider: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on this website. You can find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/.
Facebook guarantees compliance with European data protection standards and is certified under the EU-US Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). If you call up such a plug-in, a direct connection is established with Facebook’s servers, which may be located in Europe or the USA. The content of the plug-in is transmitted by Facebook directly to the user’s device, which then integrates it into the website. In the process, user profiles may be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects using this plug-in, and the information we provide to you accords with our knowledge on the matter. Other Facebook data may be combined with this data, especially if you have a profile on Facebook’s website and are logged in there. However, even without a user account, your IP address and the time of access will usually be stored there.

For information on the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as the rights and settings options that users have in this regard to protect their privacy, please see Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

If you do not want Facebook to collect data about you via our website and to link this to your member data that is stored by Facebook, you must log out of Facebook and delete your cookies before using our website. More settings and ways to revoke permission to use your data for advertising purposes are available in your Facebook profile settings: https://www.facebook.com/settings?tab=ads, or the US web page http://www.aboutads.info/choices/, or the EU web page http://www.youronlinechoices.com/.

These settings are platform-independent, i.e., they will be adopted for all devices, such as desktop computers or mobile devices.

We operate our own company page on Facebook, which we have also linked to, and which you can subscribe to. Further personal data of yours will be collected there.

Facebook Messenger can also be involved in this use, and personal data can, likewise, be collected about that.

2. Facebook pixel

The Facebook pixel plug-in is integrated on our webpages. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, CA, 94025 USA. You can find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/.
Facebook guarantees compliance with European data protection standards and is certified under the EU-US Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). If you call up such a plug-in, a direct connection is established with Facebook’s servers, which may be located in Europe or the USA. The content of the plug-in is transmitted by Facebook directly to the user’s device, which then integrates it into the website. In the process, user profiles may be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects using this plug-in, and the information we provide to you accords with our knowledge on the matter. Other Facebook data may be combined with this data, especially if you have a profile on Facebook’s website and are logged in there. However, even without a user account, your IP address and the time of access will usually be stored there.

For information on the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as the rights and settings options that users have in this regard to protect their privacy, please see Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

If you do not want Facebook to collect data about you via our website and to link this to your member data that is stored by Facebook, you must log out of Facebook and delete your cookies before using our website. Further settings and ways to revoke permission to use your data for advertising purposes are available in your Facebook profile settings: https://www.facebook.com/settings?tab=ads, or the US web page http://www.aboutads.info/choices/, or the EU web page http://www.youronlinechoices.com/.

These settings are platform-independent, i.e., they will be adopted for all devices, such as desktop computers or mobile devices.

3. Twitter

You can access features and content of the service Twitter via our website. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include content such as images, videos, text or buttons which you can use to interact on the service or to subscribe to our posts. If you are a member of Twitter, Twitter can associate the content and features that you access with your profile. Twitter guarantees compliance with European data protection standards and is certified under the EU-US Privacy Shield Agreement. (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).

You can find Twitter’s privacy policy here: https://twitter.com/de/privacy, and can opt out here: https://twitter.com/personalization.
If you want to prevent data from being connected with your profile, you should log out of Twitter and delete your cookies before using our website.

4. Google Plus

Google Plus is integrated on our website. The provider is Google Inc., and the address of the provider is as under Google Analytics. Personal data may be transmitted here; see Google Analytics. For further information, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de.

There is the possibility of opting out via the following link: https://adssettings.google.com/authenticated

If you interact with this service, your personal data may be collected and transmitted – in particular, your IP address, as well as the time of access. This may include content such as images, videos, text or buttons which users can use to interact or to subscribe to our posts. If you are a member of the Google Plus platform, Google Plus can associate the above content and features that are accessed with your profile.

If you want to prevent data from being connected with your profile, you should log out of Google Plus and delete your cookies before using our website.

5. Xing

We have integrated features and content of the service Xing on our website. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. This may include, e.g., content such as images, videos, text or buttons which users can use to interact or to subscribe to our posts. If you are a member of the Xing platform, Xing can associate the above content and features that are accessed with your profile. Xing’s privacy policy can be found here: https://www.xing.com/app/share?op=data_protection. If you want to prevent data from being connected with your profile, you should log out of Xing and delete your cookies before using our website.

XIV. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights with respect to the Controller:

1. Right of access

You can request confirmation from the Controller as to whether personal data relating to you is processed by us.

If such processing is indeed taking place, you can request the following information from the Controller:

  1. (1) The purposes for which your personal data is being processed
  2. (2) The categories of personal data that are being processed
  3. (3) The recipients or categories of recipients to whom your personal data has been or will be disclosed
  4. (4) How long the Controller plans to store your personal data, or, if specific information in this respect is not possible, the Controller’s criteria for determining the period of retention
  5. (5) The existence of a right to have your personal data rectified or deleted, or a right to have its processing by the Controller restricted, or to object to such processing
  6. (6) The existence of a right to lodge a complaint with a supervisory authority
  7. (7) All available information concerning the origin of the data, if the personal data was not collected from the data subject
  8. (8) The existence of any automated decision-making, including profiling in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

You have the right to demand access to information about whether your personal data will be transmitted to a third country or an international organisation. In this context, you can request to be informed about the appropriate safeguards relating to such transmission per Art. 46 GDPR.

2. Right to rectification

You have a right to have the Controller rectify and/or complete personal data about you that is processed if it is incorrect or incomplete. The Controller must make such rectifications without delay.

3. Right to restriction of processing

You can request that the processing of your personal data be restricted under the following conditions:

  1. (1) If you contest the accuracy of your personal data, then for as long as it takes the Controller to verify its accuracy
  2. (2) If the processing is unlawful and you decline to have your personal data erased and instead request that the use of your personal data be restricted
  3. (3) If the Controller no longer needs your personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims
  4. (4) If you have objected to the processing in accordance with Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the Controller override your grounds.

Where processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted in accordance with the above-mentioned conditions, you will be informed by the Controller before the restriction of processing is lifted.

4. Right to erasure

a) Erasure obligation

You can request that the Controller delete your personal data without delay, and the Controller is obliged to delete this data without delay if one of the following grounds applies:

  1. (1) Your personal data is no longer necessary for the purposes for which it was originally collected or otherwise processed.
  2. (2) You revoke your consent upon which the processing was based in accordance with Art. 6 para. 1 a) or Art. 9 para. 2 a) GDPR, and there is no other legal basis for the processing.
  3. (3) You object to the processing in accordance with Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Art. 21 para. 2 GDPR.
  4. (4)  Your personal data have been processed unlawfully.
  5. (5) The erasure of your personal data is required in order to comply with legal obligations under EU law or law of the Member States to which the Controller is subject.
  6. (6) Zoupersonal data concerning you was provided in relation to information society services offered under article 8 para. 1 GDPR.

b) Transfer of information to third parties

If the Controller has made your personal data public and is required to erase it in accordance with Art. 17 para. 1 GDPR, the Controller will take appropriate measures, including those of a technical nature, taking into account the available technology and implementation costs, to inform the data controllers who are processing the personal data that you, as the data subject, have requested that they erase all links to that personal data, or copies or replications of that personal data.

c) Exceptions

The right to erasure does not exist insofar as the processing is necessary:

  1. (1)  to exercise the right to freedom of expression and information;
  2. (2)  to fulfil a legal obligation that requires this processing under the law of the Union or of the Member States to which the Controller is subject, or to perform a task that is in the public interest or that is performed to exercise a public authority that has been transferred to the Controller;
  3. (3) for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 h) and i), as well as Art. 9 para. 3 GDPR;
  4. (4) for archiving, scientific, or historical research purposes in the public interest, or for statistical purposes in accordance with Art. 89 para. 1 GDPR, to the extent that the right referred to in section a) is likely to render impossible, or seriously inhibit, the achievement of the purposes of such processing; or
  5. (5)  to assert, exercise or defend legal claims.

5. Right to notification

If you have asserted your right to rectification, erasure or restriction of processing towards the Controller, the latter is obliged to inform all recipients to whom your personal data have been disclosed of this rectification or erasure of the data, or the restriction of the processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the Controller.

6. Right to data portability

You have the right to obtain a copy of the personal data concerning you that you have supplied to the Controller in a structured, commonly used, machine-readable format. Moreover, you have the right to have this data transmitted to another data controller, without any obstruction from the Controller to whom the personal data has been given, if:

  1. (1) the processing is based on consent given in accordance with Art. 6 para. 1 a) GDPR or Art. 9 para. 2 a) GDPR, or on the basis of a contract in accordance with Art. 6 para. 1 b) GDPR; and
  2. (2) such processing is carried out using automated methods.

In exercising this right, you also have the right to have the Controller transfer your personal data directly to another data controller, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected by this.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or that is performed to exercise a public authority that has been transferred to the Controller.

7. Right to object

You have the right, for reasons arising from your specific situation, to object at any time to the processing of personal data concerning you and which is carried out in accordance with Art. 6 para. 1 e) or f) GDPR, including profiling based on those provisions.

The Controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to such processing; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to your data being processed for direct marketing purposes, your personal data will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object using an automated process involving the use of technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Such revocation of consent shall not affect the lawfulness of the processing carried out on the basis of that consent until the point of revocation.

9. Automated decisions in individual cases, including profiling

You have the right to not be subjected to a decision based solely on automated processing – including profiling – which has a legal bearing on you or that significantly affects you in a similar manner. This shall not apply if the decision:

  1. (1) is necessary for the Controller to establish or fulfil a contract with you;
  2. (2) is permitted by Union or Member State legislation to which the Controller is subject, and this legislation includes appropriate

measures to safeguard your rights and freedoms as well as your legitimate interests; or (3) is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 a) or g) GDPR applies and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.

In the cases referred to in the sections (1) and (3), the Controller will take reasonable measures to safeguard your rights, freedoms and legitimate interests, including, at a minimum, the right to effect the intervention of an individual on the part of the Controller, to state your own position, and to challenge the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you have your place of residence or place of work, or where the supposed violation is located, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority with which the complaint was lodged shall inform the complainant of the status and results of the complaint, including the possibility of any judicial remedy in accordance with Art. 78 GDPR.

Optimised delivery of images

The tool “cloudimage.io”, from Scaleflex SAS, is used for optimised delivery of images. In the process, the IP address of website visitors and the images used by you for your homepage are processed by Scaleflex SAS. Information about the provider:

Scaleflex SAS
StationF
55 Boulevard Vincent Auriol
75013 Paris, France
registered under R.C.S 835 053 026