Privacy Policy

MyCRM GmbH offers comprehensive information to contractual partners, customers, and interested parties via its website https://mycrm.de. We attach particular importance to the confidential and secure handling of your personal data and your company’s data.

The following privacy policy forms the basis of our actions and is an integral part of our business relationship with customers, interested parties and third parties.

Due to legal and technical changes, we may update this privacy policy as needed. The most current version of the privacy policy published on our website is always valid.

The privacy policy includes the following points:

1. Name and address of the controller
Responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

MyCRM GmbH
Heilbronner Str. 13
73728 Esslingen

Telephone: +49 711 50887827-0
Fax: +49 711 50887827-9

Email: info@mycrm.de
Website: https://mycrm.de

2. Name and address of the data protection officer

The data protection officer of the controller is:

Markus Achatz
Quality Management Academy
Raiffeisenstraße 14
86447 Aindling

Telephone: +49 8237-6277
markusachatz@qma-akademie.de

3. Use of cookies
The MyCRM GmbH website uses cookies. Cookies are data that are stored by the internet browser on the user’s computer system. The cookies can be transmitted to the website when a page is accessed and thus enable the user to be identified. Cookies help simplify the use of websites for users.
You can object to the use of cookies at any time by changing the settings in your internet browser accordingly. Cookies can also be deleted. Please note that if cookies are deactivated, not all functions of our website may be fully available.

4. Creation of log files
Each time the website is accessed, MyCRM GmbH records data and information using an automated system. This information is stored in the server’s log files.
The following data may be collected:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system accesses our website (referrer)
(7) Websites accessed by the user’s system via our website
The data is processed to deliver the content of our website, to ensure the functionality of our information technology systems and to optimise our website. The data in the log files is always stored separately from other personal data of the user.

5. Analysis tools and advertising

Google Analytics
MyCRM GmbH uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the data on Google’s behalf. Google will never associate your IP address with any other data held by Google. You may prevent cookies from being installed by setting your browser accordingly; however, please note that if you do this, you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

IP anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent cookies from being saved by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de .

Duration of storage
The data will be stored for a maximum of 26 months.

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking the following link. This will set an opt-out cookie that prevents the collection of your data on future visits to this website: Disable Google Analytics.

For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de .

Contract data processing

We have concluded a contract for order data processing with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Leadfeeder
In addition to using Google Analytics, this website uses the Leadfeeder service, which is operated by Liidio Oy, Mikonkatu 17, 0100 Helsinki, Finland. Leadfeeder accesses the list of website visitors’ IP addresses provided by Google Analytics in the evaluation and links the list of IP addresses to information about the companies that can be found on the Internet under these IP addresses. Because the IP addresses of website visitors are shortened when Google Analytics is used, no direct personal reference is established. A personal reference can be assumed when reviewing the linked company information. Leadfeeder’s privacy policy can be found at https://www.leadfeeder.com/privacy/.

Google Analytics Remarketing
Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. This way, interest-based, personalized advertising messages that have been tailored to you based on your previous usage and surfing behavior on one device (e.g., mobile phone) can also be displayed on another of your devices (e.g., tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. This allows the same personalized advertising messages to be displayed on every device on which you log in with your Google Account.

To support this feature, Google Analytics collects Google-authenticated user IDs, which are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.
You can permanently opt out of cross-device remarketing/targeting by disabling personalized advertising in your Google Account; to do so, follow this link: https://www.google.com/settings/ads/onweb/ .

The data collected is summarized in your Google Account solely on the basis of your consent, which you can give or withdraw to Google (Art. 6 (1) (a) GDPR). For data collection processes that are not merged into your Google Account (e.g. because you do not have a Google Account or have objected to the merging), the data is collected on the basis of Art. 6 (1) (f) GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes.
Further information and the data protection provisions can be found in Google’s privacy policy at: https://www.google.com/policies/technologies/ads/ .

Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

Each Google AdWords customer receives a different cookie. These cookies cannot be tracked across AdWords customers’ websites. The information collected using the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie in your internet browser’s user settings. You will then not be included in the conversion tracking statistics.

Conversion cookies are stored on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
More information about Google AdWords and Google Conversion Tracking can be found in Google’s privacy policy: https://www.google.de/policies/privacy/ .

You can set your browser to inform you about the use of cookies, to only allow cookies in individual cases, to exclude cookies for certain cases or generally, and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

reCAPTCHA is designed to verify whether the data entered on our websites (e.g., in a contact form) is entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

Data processing is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and spam.
Further information on Google reCAPTCHA and Google’s privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html .

Objection to data collection
You can prevent Google Analytics from collecting your data by clicking on the following link. This will set an opt-out cookie that prevents your data from being collected on future visits to this website: Deactivate Google Analytics.
Further information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

6. Links and content on third-party websites
The website contains links to third-party offers. MyCRM GmbH cannot accept any liability for these websites or their respective handling of personal data.

Disclaimer: In a ruling dated May 12, 1998, the Hamburg Regional Court ruled that by providing a link, one may be held jointly responsible for the content of the linked page. According to the Regional Court, this can only be prevented by expressly distancing oneself from such content. MyCRM GmbH has placed links to other websites on its website. The following applies to all such links: MyCRM GmbH expressly declares that it has no influence whatsoever on the design and content of the linked pages. Therefore, MyCRM GmbH hereby expressly distances itself from all content on all linked pages on its website and does not adopt this content as its own. This declaration applies to all links displayed on the website and to all content on the pages to which the banners, buttons, and links visible on MyCRM GmbH lead.

7. SSL Encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the lock symbol in your browser’s address bar.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

8. Registration on our website
If the data subject uses the option to register on the controller’s website by providing personal data, the data in the respective input mask will be transmitted to the controller. The data will be stored by the controller exclusively for internal use.

During registration, the user’s IP address as well as the date and time of registration are saved. This serves to prevent misuse of the services. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass on the data.
The registration of the data is necessary for the provision of content or services. Registered persons have the option of having the stored data deleted or changed at any time. The data subject can obtain information about the personal data stored about them at any time.

9. Newsletter
If our company’s newsletter is subscribed to, the data in the respective input mask will be transmitted to the person responsible for processing.
When registering for the newsletter, the user’s IP address as well as the date and time of registration are saved. This serves to prevent misuse of the services or the email address of the data subject. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass on the data.
The data will be used exclusively for sending the newsletter. The subscription to the newsletter can be canceled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. A corresponding link for this purpose is included in every newsletter.

MailChimp:
This website uses the services of MailChimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service that, among other things, can be used to organize and analyze the distribution of newsletters. If you enter data for the purpose of subscribing to the newsletter (e.g., email address), this data will be stored on MailChimp’s servers in the USA.

MailChimp is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the United States designed to ensure compliance with European data protection standards in the United States.

With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (a so-called web beacon) connects to MailChimp’s servers in the USA. This allows us to determine whether a newsletter message has been opened and, if applicable, which links have been clicked. Technical information is also recorded (e.g., time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.

If you do not want MailChimp to analyze your data, you must unsubscribe from the newsletter. We provide a link for this in every newsletter message. You can also unsubscribe directly from the newsletter on the website.

Data processing is based on your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter. After you unsubscribe, the data will be deleted from both our servers and the MailChimp servers. Data stored by us for other purposes (e.g., email addresses for the members’ area) will remain unaffected.

For more information, please see MailChimp’s privacy policy at: https://mailchimp.com/legal/terms/ .

Conclusion of a Data Processing Agreement
We have concluded a so-called “Data Processing Agreement” with MailChimp, in which we obligate MailChimp to protect our customers’ data and not to share it with third parties. This agreement can be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/ .

Newsletter tracking
By subscribing to the newsletter, the user consents to tracking for statistical purposes. A web beacon (also known as a tracking pixel) is used. When the newsletter is delivered, the external server can then process certain data of the recipient, for example to save the time of retrieval, IP address or information about the email client used. The name of the image file is individualized for each email recipient by appending a unique ID. The email sender remembers which ID belongs to which email address and can thus recognize which newsletter recipient opened the email when the image is retrieved.
Such personal data collected via the tracking pixels contained in the newsletters is stored and evaluated in order to optimize newsletter delivery and to adapt the content of future newsletters even better to the interests of the recipients. The data will not be passed on to third parties.
Tracking can be prevented by the user by setting their email program so that it does not load images in an email. We will consider unsubscribing from the newsletter as a revocation of this consent.

In the case of Sugar Market, the data is processed and stored by SugarCRM Inc., 10050 North Wolfe Road, SW2-130, Cupertino, CA 95014, USA.

Sugar Market
We use Sugar Market on this website for marketing automation. This is an analysis and tracking software that assigns and stores usage data (including the browser used, last page visited, and length of visit). The software uses this information to personalize our marketing efforts and better align them with the interests of each user. The software also helps us better evaluate the success of individual marketing efforts.

Sugar Market is hosted by SugarCRM Inc., 10050 North Wolfe Road, SW2-130, Cupertino, CA 95014, USA. Data is not shared with third parties.

Sugar Market’s working method is expressed through:

Email marketing and campaigns
With email marketing, we send you personalized emails. These are based in part on your usage behavior on our website, your reading of our emails, and your interaction with the links contained therein. We also send emails as part of campaigns.

Landing pages
Landing pages are special web pages defined as the target of advertising campaigns. They usually contain interactive options, such as downloading white papers or using checklists and forms to collect information about you.

The software uses various technical processes to assign individual activities to anonymous profiles or—with prior consent—to the profiles of individual users:

Web beacon
To detect whether, for example, an email has been opened, Sugar Market uses so-called tracking pixels. These load a small graphic from the provider’s server that has previously been assigned to an individual user profile.

Personalized web links
In order to recognize whether, for example, a user clicks on a link in an email, Sugar Market adds a unique identifier to these links, which has previously been assigned to an individual user profile.

Cookies
Cookies are unique identification numbers that Sugar Market stores on the user’s device the first time they visit the website and assigns to an individual user profile. This allows Sugar Market to recognize individual users on subsequent visits to the website. These are so-called “first-party cookies” that can only be set and evaluated by us.

IP address:
The IP address currently used by website visitors is transmitted to us each time our website is accessed. Sugar Market uses this address to recognize website users.

The data collected is:
• the activity on our website
• the number of page views and length of stay of the website visitor
• the click path of the respective visitor
• downloads of files provided via the website
• visits to landing pages
• opening of emails from newsletters and campaigns

When registering on the website or downloading a white paper, the provider collects the following information through the use of Sugar Market:
• Contact information (such as name, postal or email address, telephone or fax number).
• Business contact information (such as your job title, the name of your business, business email address, telephone or fax number).
• The IP address of the device from which the website is being used (a sequence of numbers that identifies your current computer connection to the Internet).

The data being shared is clearly visible to the user when filling out a form. The data required to submit the form is indicated.

10. Contact options
The MyCRM GmbH website contains contact forms that can be used for electronic contact. Alternatively, contact can be made via the email address provided. If the data subject contacts the controller via one of these channels, the personal data transmitted by the data subject will be automatically saved. The storage serves solely for the purposes of processing or contacting the data subject. The data will not be passed on to third parties.
This is the voluntary provision of personal data. MyCRM GmbH has taken all technical and organizational measures to ensure that this data is also secure.
Nevertheless, please be very careful with the information you provide and do not transmit any sensitive data, such as your bank details, via the contact form.

Comment function on this website
For the comment function on this page, in addition to your comment, information about the time the comment was created, your email address, and, if you do not post anonymously, the username you choose will be saved.

Storage period of comments:
Comments and the associated data (IP address is not saved) will be saved and remain on our website until the commented content has been completely deleted or the comments must be deleted for legal reasons (e.g., offensive comments).

Appointment scheduling via “Youcanbookme”
MyCRM GmbH uses the Youcanbook.me service (YouCanBook.me Ltd., 38 Mill Street, Bedford, MK40 3HD, United Kingdom) to simplify appointment scheduling. Using this service will result in data being transferred to Youcanbook.me.

Youcanbook.me processes the following data on our behalf:
Personal data: First and last name, full address;
Communication data: Telephone numbers, email addresses;
Additional information required for the appointment.
Please note that you are not obligated to use this service to schedule an appointment. If you do not wish to do so, please use one of the other contact options we offer to schedule an appointment.
Further information can be found in Youcanbook.me’s privacy policy at https://youcanbook.me/terms .

The data entered via Youcanbook.me is therefore processed exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time. The legality of the data processing operations carried out up to the time of revocation remains unaffected by the revocation.

Objection/Cancellation:
The data you enter via Youcanbook.me will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular, retention periods—remain unaffected.

Conclusion of a data processing agreement (DPA)
We have concluded a data processing agreement with Youcanbook.me, in which Youcanbook.me undertakes to protect our customers’ data and not to pass it on to third parties.

Making an appointment via Calendly
On our website you have the option of making appointments with us. We use the “Calendly” tool to book appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).
To book an appointment, enter the requested data and the desired date in the form provided. The data you enter will be used for planning, carrying out and, if necessary, for follow-up to the appointment. The appointment data will be stored for us on Calendly’s servers, whose privacy policy you can view here: https://calendly.com/de/pages/privacy .
The data you enter will remain with us until you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies. Mandatory statutory provisions – in particular retention periods – remain unaffected.
The legal basis for data processing is Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in making appointments with interested parties and customers as uncomplicated as possible. If corresponding consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://calendly.com/pages/dpa .

Order processing
We have concluded a contract for order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which guarantees that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.

Pipedrive Chatbot Module

Our website uses Pipedrive’s chatbot functionality. The provider is Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia.

If you contact us via chatbot, your inquiry, including all personal data (name, inquiry, and contact information), will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent.

This feature allows you to enter into automated communication to receive targeted information. This allows us to display information that is relevant to your interests and your query.

This data is processed on the basis of Art. 6 (1) (b) GDPR, provided your inquiry is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) (a) GDPR) and/or on our legitimate interests (Art. 6 (1) (f) GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us.

The data you send to us via the chatbot’s questionnaire will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular, statutory retention periods—remain unaffected.

Further information and the data protection provisions can be found in Pipedrive’s privacy policy at: https://www.pipedrive.com/en/privacy

11. Routine deletion and blocking of personal data
The controller shall process and store the personal data of the data subject only for as long as necessary to achieve the purpose of storage. Storage may also occur beyond this period if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject.
As soon as the storage purpose no longer applies or a storage period prescribed by the aforementioned provisions expires, the personal data will be routinely blocked or deleted.

12. Use of plugins

Google Fonts (local hosting)
This site uses Google Fonts, provided by Google, for the consistent display of fonts. Google Fonts are installed locally. There is no connection to Google servers.
Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Google Maps
This website uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. Google Maps is used in the interest of an appealing presentation of our online offerings and to make the locations specified by us on the website easy to find. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Further information on how user data is handled can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/ .

YouTube
Our website uses plugins from the YouTube site, operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in the interest of ensuring an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

Further information on how user data is handled can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.

13. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
You can assert all rights against the company using the contact details in point 1 or against our data protection officer using the contact details in point 2.

13.1 Right to information
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing exists, you can request the following information from the controller:
a. the purposes for which the personal data is processed;
b. the categories of personal data being processed;
c. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
d. the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
e. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
f. the existence of a right to lodge a complaint with a supervisory authority;
g. all available information on the origin of the data if the personal data are not collected from the data subject;
h. the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the scope and envisaged effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
In the case of data processing for scientific or historical research purposes or for statistical research purposes:
This right to information may be restricted to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously compromise it and the restriction is necessary to fulfill the research or statistical purposes.

13.2. Right to rectification
You have the right to have your data rectified and/or completed by the controller if the personal data concerning you that are processed are incorrect or incomplete. The controller must carry out the rectification immediately.
If data is processed for scientific or historical research purposes or for statistical research purposes:
Your right to rectification can be restricted to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously compromise it and the restriction is necessary to fulfill the research or statistical purposes.

13.3. Right to restriction of processing
You can request the restriction of the processing of personal data concerning you under the following conditions:
a. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
b. the processing is unlawful and you refuse to erase the personal data and instead request the restriction of their use;
c. the controller no longer needs the personal data for the purposes of processing, but you require them to assert, exercise or defend legal claims, or
d. if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If processing has been restricted in accordance with the above-mentioned requirements, you will be informed by the controller before the restriction is lifted.
In the case of data processing for scientific or historical research purposes or for statistical research purposes:
Your right to restriction of processing may be restricted to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously compromise it and the restriction is necessary to fulfill the research or statistical purposes.

13.4. Right to erasure

13.4.1. You can request the controller to delete the personal data concerning you immediately, and the controller is obliged to delete this data immediately if one of the following reasons applies:
a. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
b. You withdraw your consent on which the processing was based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
c. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
d. The personal data concerning you have been processed unlawfully.
e. The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject.
f. The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

13.4.2. If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, the controller shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, in order to inform data controllers which process the personal data that you, as the data subject, have requested the erasure by such controllers of all links to these personal data or of copies or replications of these personal data.

13.4.3. The right to erasure does not apply if processing is necessary
a. to exercise the right to freedom of expression and information;
b. to comply with a legal obligation required by Union or Member State law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
c. for reasons of public interest in the area of public health pursuant to Art. 9 (2)(h) and (i) and Art. 9 (3) GDPR;
d. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in paragraph 1 is likely to make the achievement of the objectives of that processing impossible or seriously compromise it, or
e. to assert, exercise or defend legal claims.

13.5. Right to information
If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the responsible party, this party is obliged to inform all recipients to whom the personal data concerning you was disclosed of this rectification, erasure or restriction of processing, unless doing so should prove impossible or involve disproportionate expenditure.
You have the right to be informed by the responsible party of these recipients.

13.6. Right to data portability
You have the right to receive the personal data concerning you that you have made available to the responsible party in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another responsible party without hindrance from the responsible party to whom the personal data was made available, provided that
a. the processing is based on consent in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract in accordance with Art. 6 (1) (b) GDPR and
b. the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of others.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

13.7. Right of objection
You have the right to object at any time to the processing of personal data concerning you which is based on Article 6 (1) (e) or (f) GDPR, for reasons arising from your particular situation; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option of exercising your right of objection by means of automated procedures that use technical specifications, regardless of Directive 2002/58/EC.
In the case of data processing for scientific or historical research purposes or for statistical research purposes:
You also have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR.
Your right of objection may be restricted to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously compromise it and the restriction is necessary to fulfill the research or statistical purposes.

13.8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

13.9. Automated decision-making in individual cases, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
a. is necessary for entering into or fulfilling a contract between you and the controller,
b. is permitted by Union or Member State law to which the controller is subject, and this law contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests or
c. is made with your explicit consent.
However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and appropriate measures to protect your rights and freedoms as well as your legitimate interests have been taken.
With regard to the decisions referred to in a. and c., the controller shall take appropriate measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

13.10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you believe that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint was submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

14. Transfer of data to third parties
Data will generally not be passed on; possible exceptions are regulated in the above points. In particular, data will not be passed on for commercial purposes (address trading).

15. Legal basis for processing
If we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 (1) (f) GDPR serves as the legal basis for processing. The legitimate interest of our company lies in the conduct of our business activities.

16. Duration of storage of personal data
Personal data is stored for the duration of the respective statutory retention period. After the expiration of the period, the data will be routinely deleted unless necessary for the initiation or fulfillment of a contract.

16.1. Questions & Suggestions

If you have any questions or suggestions, please send us an email to info@mycrm.de

07.05.2018