We are very pleased about your interest in our institute. Data protection is of particular importance for the Laser Zentrum Hannover e.V. (LZH). A use of the internet pages of the LZH is basically possible without any indication of personal data. However, if an affected person wishes to make use of our institute's special offers via our website, personal data processing may be required. If the processing of personal data is required and there is no legal basis for such processing, we generally seek the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection provisions applicable to the LZH. By means of this privacy policy, our institute wishes to inform the public about the nature, extent and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights under this privacy policy.
The LZH, as the controller, has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps so that absolute protection can not be guaranteed. For this reason, every person concerned is free to submit personal data to us in alternative ways, for example by telephone.
a) personal data
b) affected person
c) processing
d) restriction of processing
e) profiling
f) pseudonymization
g) responsible person or the controller
h) processors
i) receiver
j) third party
k) consent
2. Name and address of the controller
3. Name and address of the data protection officer
8. Collection of general data and information
9. Subscription to the LZH News
10. Subscription to the LZH press mailing list
11. Data protection during applications and the application process
12. Our social media appearances
13. Routine deletion and blocking of personal data
14. Rights of the affected person
a) Right to confirmation
b) Right of information
c) Right to rectification
d) Right to deletion (right to be forgotten)
e) Right to restriction of processing
f) Right to data portability
g) Right of objection
h) Automated decisions in individual cases including profiling
i) Right to revoke a data protection consent
j) Right of appeal
16. Duration for which the personal data is stored
18. Existence of automated decision-making
1. Definitions
The privacy statement of the LZH is based on the terminology used by the European directive and regulatory authority in the adoption of the General Data Protection Regulation (DS-GVO). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain in advance the terminology used.
Among others, we use the following terms in this privacy policy:
a) personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter the "data subject"). A natural person is considered to be identifiable who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
b) affected person
Affected person is any identified or identifiable natural person whose personal data is processed by the LZH.
c) processing
Processing means any process or series of operations related to personal data, such as collecting, organizing, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
d) restriction of processing
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
e) profiling
Profiling is any kind of automated processing of personal data that consists in using that personal information to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to job performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.
f) pseudonymization
Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data not assigned to an identified or identifiable natural person.
g) responsible person or the controller
The responsible person or controller is the natural or legal person, public authority, facility or body that, alone or joint with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union or national law.
h) processors
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the LZH.
i) receiver
Recipient is a natural or legal person, agency, agency or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under European Union or national law in connection with a particular mission are not considered as beneficiaries.
j) third party
Third party is a natural or legal person, public authority, facility or body other than the data subject, the LZH, the processor and the persons authorized under the direct responsibility of the LZH or the processor to process the personal data.
k) consent
Consent is any voluntarily given and unambiguously expressed in the form of a statement or other unambiguous confirmatory act by the data subject for the particular case, by which the data subject indicates that they consent to the processing of the personal data concerning him / her is.
2. Name and address of the controller
The controller according to the General Data Protection Regulation, to other data protection laws in the member states of the European Union and other provisions with data protection character is:
Laser Zentrum Hannover e.V. (LZH)
Hollerithallee 8
30419 Hannover
Germany
Phone: +49 511 2788-0
Fax: +49 511 2788-100
E-Mail: info@lzh.de
Website: www.lzh.de
3. Name and address of the data protection officer
The data protection officer of the LZH is:
scope & focus Service-Gesellschaft mbH
Ms. Miachela Peeck
Leonhardtstraße 2
30175 Hannover
Germany
Tel.: 0511 364 221-0
Fax: 0511 364 221-99
E-Mail: dsb@lzh.de
Website: www.lzh.de
Any affected person can contact our data protection officer at any time with any questions or suggestions regarding data protection.
4. Cookies
a) Description and scope of data processing
The LZH website uses technically necessary cookies as well as cookies required for web analysis by Matomo (formerly "Piwik"). Matomo is deactivated when you visit our website. Only if you actively consent, your usage behavior will be analyzed anonymously.
Cookies are text files that are stored and stored on a computer system via an Internet browser.
Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual's browser from other internet browsers that contain other cookies. A particular web browser can be recognized and identified by the unique cookie ID.
Through the use of cookies, the LZH can provide users of this website with more user-friendly offers that would not be possible without the cookie setting.
By means of a cookie the information and offers on our website can be optimized in the sense of the user. Cookies allow us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies need not reenter their credentials each time they visit the website, as this is done by the website and the cookie stored on the user's computer system.
The data subject can prevent the setting of cookies through our website at any time by means of an appropriate setting of the internet browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
Below are links to instructions on how to decline cookies in the four most popular browsers:
Firefox:
https://support.mozilla.org/en-US/kb/block-websites-storing-site-preferences
Internet Explorer:
http://windows.microsoft.com/en-us/windows-vista/Block-or-allow-cookies
Google Chrome:
https://support.google.com/chrome/answer/95647?hl=en
Microsoft Edge:
https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
If you use another browser, you will find the instructions on the website of the provider or in the help function of your browser. Please note that not all features on our site may work as intended if cookies are declined.
b) Legal basis for data processing
The legal basis for processing personal data using cookies is Article 6 (1) point (e) of the GDPR in conjunction with Section 3 of the new BDSG and/or Article 6 (1) point (a) of the GDPR for cookies which require consent.
go to top
5. Conduct video conferences
Description:
- We use video conferencing software to communicate with internal and external persons. The data of the video conference is transmitted encrypted via the internet. In addition, chatting is possible with this software. It is also possible to transfer files. The possibility of recording video conferences is only used by us in exceptional cases and only if all participants have actively consented.
Purposes:
- The purpose of the data processing is communication management (managing communication or providing means for communication, e.g. sending an email with information)
Legal basis for processing personal data:
Video conferencing is a Telemedia service. The service provider is responsible for the video conferencing service, not the LZH. This is different for additional services such as chats. Here, the data protection regulations of the GDPR apply.
- Explicit consent, Art. 6 para. 1 lit a) GDPR
- Contract, Art. 6 para. 1 lit b) GDPR
- Legitimate interest, Art. 6 para. 1 lit. f) GDPR
- Description of legitimate interest: Our legitimate interest in communicating with affected persons is the efficient clarification of facts and concerns.
Disclosure of personal data of the affected persons
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399
Data transfer to third countries
The LZH does not actively transmit video conference data to third countries. Within the scope of maintenance, there is the possibility that service providers perceive the personal data of affected persons. Therefore, we inform as a precaution:
- Data is transferred to third countries for which the EU Commission has not determined an adequate level of data protection. It may therefore be the case that the third country’s data protection level is below adequate. Standard data protection clauses have therefore been agreed upon with recipients.
https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA
6. Communicate with email
Description:
- We use the possibility of communication by e-mail.
Purposes:
- The purpose of the data processing is communication management (managing communication or providing means for communication, e.g. sending an email with information)
Legal basis for processing personal data:
- Explicit consent, Art. 6 para. 1 lit a) GDPR
- Contract, Art. 6 para. 1 lit b) GDPR
- Legitimate interest, Art. 6 para. 1 lit. f) GDPR
- Description of legitimate interest: Our legitimate interest in communicating with affected persons is the efficient clarification of facts and concerns.
Disclosure of personal data of the affected persons
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399
Data transfer to third countries
The LZH does not actively transmit content data of e-mails to third countries unless recipients are located in third countries. Within the scope of maintenance, there is the possibility that service providers perceive the personal data of affected persons. Therefore, we inform as a precaution:
- Data is transferred to third countries for which the EU Commission has not determined an adequate level of data protection. It may therefore be the case that the third country’s data protection level is below adequate. Standard data protection clauses have therefore been agreed upon with recipients.
https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA
7. Webanalysis using Matomo
a) Scope of processing personal data
On our website we use the open source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. Matomo is an open source software for webanalysis. Matomo does not transfer any data to servers outside the control of the LZH. Matomo does not record any session data without your consent.
Matomo uses cookies. These text files are saved on your computer and enable the LZH to analyse how its website is used. The information on usage collected by the cookie is transferred to the LZH server and saved there so that we can analyse user behaviour. For us, your IP address is an anonymous code. This means we have no technical means of identifying you as a registered user. You will remain anonymous as a user.
The LZH regards this analysis as an integral part of its online service. Its aim is to consistently improve the website and align it more closely with user needs.
If you consent to web analytics by Matomo, the following data is stored when individual pages of our website are accessed:
(1) 2 Bytes of the IP address of the user’s accessing system
(2) the website accessed
(3) the website from which the user reached the website accessed here (referrer)
(4) the other web pages visited from the main website accessed
(5) the time spent looking at the website
(6) the frequency with which the website is accessed.
The analysis software runs exclusively on the servers of our website. Storage of the user’s personal data only takes place there. The data is not passed on to third parties.
You can decide here whether or not to allow a web analysis cookie to be stored in your browser to enable the LZH to gather and analyse statistical data.
You can decide here whether or not to allow a web analysis cookie to be stored in your browser to enable the website operator to gather and analyse statistical data. If you decide against this, remove the tick from the box below to store the Matomo deactivation cookie in your browser.
Currently your visit to this website is being recorded by Matomo web analysis. If you do not wish your visit to be recorded in future, click here.
8. Collection of general data and information
The website of the LZH collects a series of general data and information each time the website is accessed by an affected person or an automated system. This general data and information is stored in the log files of our server. The following data can be collected
(1) the browser types and versions,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system comes to our website (so-called referrers),
(4) the sub-web pages, which are accessed via an accessing system on our website,
(5) the date and time of access to the website,
(6) an internet protocol address (IP address),
(7) Name and URL of the called file
(8) Message if the retrieval was successful
(9) the internet service provider of the accessing system and
(10) other similar data and information used in the event of attacks on our information technology systems.
When using this general data and information, the LZH does not draw any conclusions about the data subject. Rather, this information is needed to
(1) to deliver the contents of our website correctlaby,
(2) to optimize the contents of our website for them,
(3) to ensure the permanent functioning of our information technology systems and the technology of our website as well as
(4) To provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack.
This anonymously collected data and information is therefore statistically and further evaluated by the LZH with the aim of increasing data protection and data security in our institute in order to ultimately ensure the best possible level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.
The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.
9. Subscription to the LZH Newsletter
a) Data processing by CleverReach
For the subscription management and the dispatch of the LZH Newsletter, the LZH uses the German-based provider CleverReach GmbH & Co. KG, Rastede (CleverReach). CleverReach processes the data of newsletter subscribers on behalf of the LZH on secure servers within the European Union. For this purpose, the LZH has concluded an agreement with CleverReach on order processing (ADV) in accordance with the provisions of the General Data Protection Regulation. In this agreement, CleverReach undertakes to provide full data protection in accordance with the DSGVO. Personal data (title, first name, last name and email address) are encrypted by CleverReach using SSL. The data is used exclusively for subscription management and sending the LZH newsletter.
b) Purpose of the collection and processing of personal data
The data you enter via the newsletter form, such as title, first name, last name, company/institute and e-mail address, is used by the LZH to address you personally, to identify your company/institute and to send you the LZH newsletter by e-mail. The indication of the company/institute helps the LZH to better adapt the contents of the newsletter to the interests of the subscribers. The specification of your salutation is voluntary and serves the LZH only to address you in the newsletter exactly as you wish. This data and the IP address are only stored and used for registration and for sending the LZH newsletter. They will not be passed on to third parties.
c) Legal basis
The legal basis for data processing is the consent of the subscriber:s when registering for the LZH newsletter. For this purpose, LZH uses the so-called double opt-in procedure. Recipients can unsubscribe from the LZH Newsletter at any time or revoke their consent to the storage of data. Unsubscribing or revoking can be done via a link in the newsletter itself or by sending a message to news@lzh.de.
d) Storage period
Personal data of subscribers will be stored on the CleverReach server only until you unsubscribe from the LZH Newsletter.
e) Tracking
An evaluation of reader behavior (so-called "tracking"), such as how often the LZH Newsletter is opened and which links are called up by the readers, does not take place.
f) Right to information and deletion/blocking of data
Subscribers have the right to obtain information about the data stored about them (Art. 15 DSGVO). Should incorrect personal data be processed, they have the right to rectification (Art. 16 DSGVO). If the legal requirements are met, subscribers may request the deletion or restriction of processing and object to processing (Art. 17, 18 and 21 GDPR). If subscribers unsubscribe from the LZH newsletter, all data relating to this subscription will be deleted.
10. Subscription to the LZH press mailing list
a) Data processing by CleverReach
For the administration of the press distribution list and the dispatch of LZH press releases, the LZH uses the German-based provider CleverReach GmbH & Co. KG, Rastede (CleverReach). CleverReach processes the data of the press representatives on behalf of the LZH on secure servers within the European Union. For this purpose, the LZH has concluded an agreement with CleverReach on order processing (ADV) in accordance with the General Data Protection Regulation provisions. In this agreement, CleverReach undertakes to provide complete data protection in accordance with the GDPR. Furthermore, personal data (title, first name, last name, and e-mail address) are encrypted by CleverReach using SSL. The data is used exclusively to administer the press distribution list and send LZH press releases.
b) Purpose of the collection and processing of personal data
LZH uses the data you enter via the newsletter form, such as title, first name, last name, the title of the medium, and e-mail address, to address you personally, identify your medium, and send you LZH press releases by e-mail. The indication of the title of the medium helps the LZH to be able to classify the interests of the press representatives. The specification of the form of address is voluntary and serves the LZH only to address press representatives precisely as they wish. This data and the IP address are only stored and used for registration for the press distribution list and for sending LZH press releases. They will not be passed on to third parties.
c) Legal basis
The legal basis for data processing is the consent of the press representatives when registering for the LZH press distribution list. For this purpose, LZH uses the so-called double opt-in procedure. Recipients can unsubscribe from the LZH press distribution list or revoke their consent to the storage of data at any time. The unsubscription or revocation can be made via a link in the newsletter itself or by sending a message to presse@lzh.de.
d) Storage period
Personal data of press representatives will only be stored on the CleverReach server until you unsubscribe from the LZH press distribution list.
e) Tracking
There is no evaluation of reader behavior (so-called "tracking"), such as how often LZH press releases are opened and which links are called up by readers.
f) Right to information and deletion/blocking of data
Press representatives have the right to obtain information about the data stored about them (Art. 15 DSGVO). If incorrect personal data is processed, they have the right to have it corrected (Art. 16 DSGVO). If the legal requirements are met, press representatives may request the erasure or restriction of processing and object to processing (Art. 17, 18 and 21 GDPR). If press representatives unsubscribe from the LZH press distribution list, all data relating to this subscription will be deleted.
11. Data protection during applications and the application process
The LZH collects and processes the personal data of applicants to handle the application procedure. The legal basis is § 26 BDSG. Processing may also take place electronically. This is particularly the case if an applicant submits relevant application documents electronically, for example by e-mail.
If LZH concludes an employment contract with an applicant, the transmitted data will be stored to process the employment relationship in compliance with the statutory provisions. If LZH does not conclude an employment contract with the applicant, the application documents will be deleted six months after notification of the rejection decision, provided that no other legitimate interests of LZH oppose deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
12. Our social media appearances
Data processing through social networks
We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below. Social networks such as Facebook, Twitter, etc., can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Therefore, visiting our social media presences triggers numerous processing operations relevant to data protection.
In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Please refer to the terms of use and data protection provisions of the respective social media portals for details.
Legal basis
Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) lit. a DSGVO).
Responsible party and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability, and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are primarily determined by the corporate policy of the respective provider.
Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
Social networks in detail
Facebook
We have a profile on Facebook. This service provider is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations Facebook or we are responsible for when visiting our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For details, see Facebook's privacy policy: https://www.facebook.com/about/privacy/.
Twitter
We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can independently adjust your Twitter privacy settings in your user account. To do so, click on the following link and log in: https://twitter.com/personalization.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
For details, please refer to Twitter's privacy policy: https://twitter.com/de/privacy.
XING
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how they handle your personal data, please refer to XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccshttps://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For details on their handling of your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
13. Routine deletion and blocking of personal data
The LZH processes and stores personal data of the data subject only for the period required to achieve the purpose of the storage or as provided by the European directives and regulations or any other legislator in laws or regulations to which the LZH is subject.
If the storage purpose is omitted or if a storage period prescribed by the European directives and regulations or any other relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
14. Rights of the affected person
a) Right to confirmation
Each data subject has the right granted by the European Di- rective and Regulatory Authority to require the LZH to confirm whether personal data relating to it are being processed. If an affected person wishes to make use of this confirmation right, they can contact an employee of the LZH at any time.
b) Right of information
Any person affected by the processing of personal data has the right, granted by the European directive and regulatory authority, to obtain free information from the LZH at any time about the personal data stored about him and a copy of this information. Furthermore, the European legislator and regulator has provided the data subject with the following information:
- the processing purposes
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations
- if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
- the existence of a right to rectification or erasure of personal data concerning him or to a restriction of processing by LZH or a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: All available information on the source of the data
- the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) of the BER, and - at least in these cases - meaningful information on the logic involved and the scope and intended impact of such processing on the data subject
- Furthermore, the data subject has a right of access as to whether personal data has been transmitted to a third country or to an international organization. If that is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer.
- If an affected person wishes to make use of this right to information, they can contact an employee of the LZH at any time.
c) Right to rectification
Any person affected by the processing of personal data has the right granted by the European legislator to demand the immediate correction of inaccurate personal data concerning him / her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If an affected person wishes to exercise this right to rectification, they can contact an employee of the LZH at any time.
d) Right to deletion (right to be forgotten)
Any person concerned by the processing of personal data shall have the right granted by the European Directives and Regulators to require the LZH to immediately delete the personal data concerning him, provided that one of the following reasons is satisfied and the processing is not required:
- The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary.
- The data subject withdraws the consent on which the processing was based on Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR and lacks any other legal basis for the processing.
- The data subject submits an objection to the processing in accordance with Article 21 (1) DS-GVO, and there are no legitimate reasons for the processing, or the data subject appeals in accordance with Article 21 (2) of the GDPR the processing.
- The personal data were processed unlawfully.
- The deletion of personal data is required to fulfill a legal obligation under Union or national law, to which the controller is subject.
- The personal data were collected in relation to information society services offered pursuant to Art. 8 para. 1 DS-BER.
If one of the above reasons applies and an affected person wishes to arrange for the deletion of personal data stored at the LZH, they can contact an LZH employee at any time. The employee of the LZH will arrange for the extinguishing request to be fulfilled immediately.
If the personal data has been made public by the LZH and if our institute is responsible for deleting personal data as the person responsible pursuant to Art. 17 para. 1 DS-GVO, the LZH shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs. to inform other data controllers processing the published personal data that the data subject has requested that these other data controllers delete all links to such personal data or copies or replications of such personal data, as far as the processing is not necessary. The employee of the LZH will arrange the necessary in individual cases.
e) Right to restriction of processing
Any person affected by the processing of personal data has the right granted by the European directive and regulatory authority to require the LZH to restrict processing if one of the following conditions is met:
- The accuracy of the personal data is disputed by the data subject for a period of time that enables the person responsible to verify the accuracy of the personal data.
- The processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of the use of the personal data.
- The LZH no longer needs personal data for the purposes of processing, but the data subject requires them to assert, exercise or defend legal claims.
- The person concerned has objected to the processing acc. Art. 21 para. 1 DS-GVO and it is not yet clear whether the legitimate reasons of the LZH prevail over those of the person concerned.
If one of the above-mentioned requirements is met and an affected person wishes to request the restriction of personal data stored at the LZH, they can contact an employee of the LZH at any time. The employee of the LZH will initiate the restriction of processing.
f) Right to data portability
Any person affected by the processing of personal data shall have the right granted by the European Di- rective and Regulatory Authority to receive the personal data concerning him / her provided to the LZH by the data subject in a structured, common and machine-readable format. It also has the right to transmit this data to another person responsible without hindrance by the LZH to whom the personal data were provided, provided that the processing is based on the consent pursuant to Art. 6 (1) (a) of the GDPR or Art. 9 para 2 (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR and processing by means of automated processes, unless the processing is necessary for the performance of a task of public interest or in the exercise of public authority, which has been assigned to the responsible person.
Furthermore, in exercising their right to data portability under Article 20 (1) of the GDPR, the data subject has the right to obtain that the personal data are transmitted directly from one controller to another, insofar as this is technically feasible and if so this does not affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject can contact an employee of the LZH at any time.
g) Right of objection
Any person concerned by the processing of personal data shall have the right conferred by the European directive and regulatory authority at any time, for reasons arising from its particular situation, against the processing of personal data relating to it pursuant to Article 6 (1) (e) or f DS-GVO takes an objection. This also applies to profiling based on these provisions.
In the event of an objection, the LZH will no longer process the personal data unless we can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of asserting, exercising or defending legal claims.
If the LZH processes personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to the profiling, as far as it is associated with such direct mail. If the data subject objects to processing for direct marketing purposes, the LZH will no longer process the personal data for these purposes.
In addition, the data subject has the right, for reasons arising from his / her particular situation, to process personal data concerning him / her for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR To object, unless such processing is necessary to fulfill a public interest task.
In order to exercise the right to object, the data subject may directly contact any LZH employee. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58 / EC, to exercise his right of opposition by means of automated procedures using technical specifications.
h) Automated decisions in individual cases including profiling
Any person concerned by the processing of personal data shall have the right, as granted by the European legislature and the legislature, not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on it or, in a similar manner, significantly affects it; provided the decision
(1) is not required for the conclusion or performance of a contract between the data subject and the LZH; or
(2) is permitted by Union or Member State legislation to which the LTA is subject and where such legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject; or
(3) with the express consent of the data subject.
Is the decision
(1) required for the conclusion or performance of a contract between the data subject and the LHIC; or
(2) If it is given with the explicit consent of the data subject, the LZH shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the LZH own position and to challenge the decision.
If the data subject wishes to assert rights with regard to automated decisions, they can contact an employee of the LZH at any time.
i) Right to revoke a data protection consent
Any person affected by the processing of personal data has the right, granted by the European directive and regulatory authority, to revoke consent to the processing of personal data at any time. If the data subject wishes to assert their right to revoke consent, they can contact an employee of the LZH at any time.
j) Right of appeal
Any person affected has the right to lodge a complaint with the responsible supervisory authority. In Lower Saxony, this is the State Commissioner for Data Protection in Lower Saxony.
15. Legal basis of processing
Art. 6 I lit. A DS-GMO serves as the legal basis for processing operations for which we obtain consent for a particular processing purpose. This consent can be revoked at any time. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected. If the processing of personal data is necessary to fulfill a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, processing shall be based on Art. 6 I lit. b DS-GMO. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services. If our institution is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GMO. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GMO are based. Ultimately, processing operations could be based on Art. 6 I lit. f DS-GMOs are based. Processing operations that are not covered by any of the above legal bases are based on this legal basis if processing is necessary to safeguard the legitimate interests of our institution or a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned prevail. Such processing operations are particularly allowed to us because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the data subject is a LZH customer (recital 47, second sentence, DS-BER)
16. Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.
17. Legal or contractual provisions for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of non-provision
We clarify that the provision of personal information is in part required by law (such as tax regulations) or may result from contractual arrangements (such as details of the contractor). Occasionally it may be necessary for a contract to be concluded that an affected person provides us with personal data that must subsequently be processed by us. The data subject is obliged, for example, to provide us with personal data if our institute concludes a contract with her. Failure to provide the personal data would mean that the contract with the person concerned could not be closed. Prior to any personal data being provided by the person concerned, the person concerned must contact one of our employees. Our employee will inform the individual on a case-by-case basis whether the provision of the personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of the non-provision of the personal data.
18. Existence of automated decision-making
As a responsible institute, we refrain from automatic decision-making or profiling.
Last updated 08 October 2021.