Privacy policy

Privacy Policy according to Art. 13 GDPR

 

Data protection and the privacy of the users of our website are of particular concern to us. We are therefore committed to protecting your personal data and to collecting, processing and using it only in accordance with the General Data Protection Regulation (GDPR) and national data protection regulations. The following Privacy Policy explains which of your personal data is collected on our websites and how this data is used. Our Privacy policy is regularly updated in accordance with legal and technical requirements. Please therefore refer to the latest version of our Privacy policy.

 

The following data protection regulations apply exclusively to the Internet pages of POHA House Holding GmbH on the website: www.pohahouse.com.

 

  1. Name and address of the person responsible

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws as well as other data protection regulations is:

 

POHA House Holding GmbH

Karmeliterstrasse 10

52064 Aachen

Germany

Phone: +49 241 8943 5578

E-mail: hey@pohahouse.com

Website: www.pohahouse.com

 

  1. General information on data processing

 

  1. Scope of the processing of personal data

As a matter of principle, your personal data will only be processed insofar as this is necessary for the provision of a functioning website as well as our content and services. The processing is regularly carried out only with your consent, unless obtaining your consent in advance is not possible for actual reasons and the processing of the data is permitted by legal regulations.

 

  1. Legal basis for the processing of personal data

The legal basis for the processing of personal data are the facts standardised in Art. 6 Para. 1 

GDPR as follows:

 

  1. Art. 6 para. 1 lit. a GDPR, insofar as we obtain the consent of the data subject for processing operations of personal data.
  2. Art. 6 para. 1 lit. b GDPR, insofar as the processing of personal data is necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
  3. Art. 6 para. 1 lit. c GDPR, insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject.
  4. Art. 6 para. 1 lit. d GDPR, insofar as vital interests of the data subject or another natural person make processing of personal data necessary.
  5. Art. 6 para. 1 lit. f GDPR, insofar as the processing is necessary to protect a legitimate interest of our company or a third party and this outweighs the interests, fundamental rights and freedoms of the data subject.

 

  1. Data deletion and storage period

As soon as the purpose of storage ceases to apply, your personal data will be deleted or blocked. If the European or national legislator provides for storage beyond the purpose in Union regulations, laws or other provisions to which the responsible party is subject, this may take place until the expiry of the storage period prescribed by the aforementioned standards. Subsequently, the data will also be blocked or deleted, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

 

III. Provision of the website and creation of log files

 

  1. Description and scope of data processing

Our system automatically collects data and information from the computer system of the calling computer each time our website is called up. 

 

The following data is collected:

 

  1. a) The user IP address
  2. b) Date and time of access
  3. c) your internet provider
  4. d) information about the type of access browser and the version used
  5. e) Your operating system
  6. f) Websites from which your system accesses our website
  7. g) websites that are accessed by your system via our website.

 

This data is also stored in the log files of our system. This data is not stored together with your other personal data.

 

  1. Legal basis for data processing

Art. 6 para. 1 lit. f GDPR is the necessary legal basis for the temporary storage of the data and the log files.

 

  1. Purpose of data processing

The provision of the website to your computer requires the temporary storage of the IP address by the system. For this purpose, your IP address must remain stored for the duration of the session.

 

To ensure the functionality of the website and the security of our IT systems as well as to optimise the website, this data is stored in log files. In this context, no evaluation of the data for marketing purposes takes place. 

 

Likewise, these purposes represent our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

 

  1. Duration of storage

If the data collection is no longer necessary to achieve the purpose, the data will be deleted. In the case of data collection for the provision of the website, this occurs at the end of the respective session.

 

If the data is stored in log files, these are deleted after seven days at the latest. Storage beyond this period may also be possible. In this case, the user IP addresses are deleted or alienated in order to no longer enable an assignment to the calling client.

 

  1. Possibility of objection and removal

There is no possibility for you to object, as the collection and storage of data in log files is absolutely necessary for the provision and operation of the website.

 

  1. Use of cookies

 

  1. Description and scope of data processing

Our website uses so-called “cookies”. These are text files that are stored in the Internet browser or by the Internet browser on your computer system. A cookie can be stored on your operating system as soon as it calls up a website. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

 

Cookies are used to make our website more user-friendly. This is because some parts of our website require identification of the browser used even after a page change.

 

The following data is stored and transmitted in the cookies:

 

  1. a) Log-in information
  2. b) Language settings
  3. c) Items in a shopping cart

 

In addition, we use cookies on our website to analyse your surfing behaviour.

 

The following data can be transmitted in this way:

 

  1. a) Search terms entered
  2. b) Frequency of page views
  3. c) Date of access
  4. d) Visited internal URLs
  5. e) Shopping basket (goods data, goods purchased, amount of the shopping basket, currency)
  6. f) Use of website functions

 

The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.

 

When you access our website, you will be informed about the use of cookies, especially for analysis purposes. Your consent to process the personal data used in this context will also be obtained. This also includes a reference to this Privacy Policy.

 

  1. Targeting 

On our websites, data is collected on the basis of cookie technology in order to optimise our advertising and the entire online offer. This data is not used to identify you personally, but is used solely for a pseudonymous evaluation of the use of the homepage. At no time will your data be merged with personal data stored by us. This technology allows us to present you with advertisements and/or special offers and services, the content of which is based on the information obtained in connection with the clickstream analysis (for example, advertisements that focus on the fact that only sports shoes have been viewed in the last few days). Our aim here is to make our online offering as attractive as possible to you and to present you with advertising that matches your areas of interest. 

 

  1. a) Third-Party Cookies

We make use of a number of advertising partners who help to make the website more interesting for you. Therefore, cookies from partner companies are also stored on your hard drive when you visit the websites. These are temporary/permanent cookies that are automatically deleted after the specified time. These temporary or permanent cookies (lifetime 14 days to 10 years) are stored on your hard drive and delete themselves after the specified time. The cookies of our partner companies also contain only pseudonymous, mostly even anonymous data. This is, for example, data about which products you have viewed, whether something has been purchased, which products have been searched for, etc. Some of our advertising partners also collect information beyond the websites about which pages you have previously visited or which products you were interested in, for example, in order to be able to show you advertising that best matches your interests. This pseudonymous data is never combined with your personal data. Their sole purpose is to enable our advertising partners to address you with advertising that might actually interest you.

 

  1. b) Re-Targeting 

Our websites use so-called re-targeting technologies. We use these technologies to make our website more interesting for you. This technology makes it possible to address Internet users who have already shown interest in our shop and our products with advertising on our partners’ websites. We are convinced that the display of personalised, interest-related advertising is usually more interesting for the Internet user than advertising that has no such personal reference. The display of these advertisements on the pages of our partners is based on cookie technology and an analysis of previous user behaviour. This form of advertising is completely pseudonymous. No usage profiles are merged with your personal data. By using our site, you consent to the use of cookies and the collection, storage and use of your usage data. Furthermore, your data will be stored in cookies beyond the end of the browser session and can, for example, be accessed again during your next visits to the website. You can revoke this consent at any time with effect for the future by refusing to accept cookies in your browser settings.

 

  1. Prevent the storage of cookies

Depending on the browser you use, you can set your browser so that cookies are only stored with your consent. If you only want to accept the cookies we use, but not the cookies of any service providers and partners, you can select the setting in your browser “Block third-party cookies”. As a rule, the help function in the menu bar of your web browser will show you how to reject new cookies and switch off those you have already received. We recommend that if you use shared computers that are set to accept cookies and Flash cookies, you always log out completely when you are finished.

 

  1. Legal basis for data processing

For the processing of personal data using technically necessary cookies, Art. 6 para. 1 lit. f GDPR constitutes the necessary legal basis.

For the processing of personal data for analysis purposes using technically unnecessary cookies, the necessary legal basis is consent in accordance with Art. 6 para. 1 lit. a GDPR.

 

  1. Purpose of data processing

The use of technically necessary cookies is for the purpose of simplifying the use of our websites for you. Without the use of cookies, various functions of our website cannot be offered, as these require the recognition of the browser after a page change.

 

The following applications require cookies:

 

  1. a) Remembering search terms
  2. b) Adoption of language settings
  3. c) Shopping cart

 

No user profiles are created by means of user data collected by technically necessary cookies.

 

Analysis cookies are used for the purpose of optimising the quality of our website and its content. We can regularly improve our offer by using analysis cookies and thus learn how our website is used.

 

Likewise, these purposes represent our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

 

  1. Duration of storage, possibility of objection and elimination

Cookies are stored on your computer. From there they are transmitted to our website. You as the user therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. You can also delete cookies that have already been saved at any time. This can also be done automatically. If you deactivate cookies for our website, this may result in restrictions on the use of the functions of our website.

 

  1. Newsletter

 

  1. Description and scope of data processing

We offer the option of a free newsletter subscription on our website. Your e-mail address from the input mask provided for this purpose is transmitted to us when you register for the newsletter.

 

The following data is also collected during registration:

 

  1. a) Date and time of registration
  2. b) Consent to receive the newsletter

 

During the registration process, we obtain your consent to the processing of this data and refer you to this Privacy policy.

 

The data will be used exclusively for sending the newsletter. The data processed for sending the newsletter will not be passed on to third parties.

 

  1. Legal basis for data processing

The necessary legal basis for the processing of personal data after registration for the newsletter by the user is consent in accordance with Art. 6 para. 1 lit. a GDPR.

 

  1. Purpose of the data processing

We collect your e-mail address in order to deliver the newsletter.

 

In order to prevent misuse of the services or the e-mail address provided, we collect other personal data during the registration process.

 

  1. Duration of storage

If the data collection is no longer necessary to achieve the purpose, the data will be deleted. Thus, we store your e-mail address for the duration of the active newsletter subscription.

 

As a rule, other personal data collected during the registration process is deleted after a period of seven days.

 

  1. Possibility of objection and removal

You can cancel your newsletter subscription at any time. You will find a corresponding link in each newsletter.

 

You can also revoke your consent to the storage of other personal data collected during the registration process.

 

  1. Contact form and e-mail contact

 

  1. Description and scope of data processing

We offer a contact form on our website to enable you to contact us electronically, to register for our services or to apply for advertised jobs. To use it, you enter your data in the input mask. This data is then transmitted to us and stored. The following data is collected:

 

  1. a) Title
  2. b) First name
  3. c) Last name
  4. d) CV
  5. e) German level
  6. f) English level
  7. g) Email
  8. h) Visa requirements
  9. i) Phone number
  10. j) Preferred move-in date
  11. k) Preferred lease duration
  12. l) Total budget
  13. m) Job
  14. n) Industry

 

The following data is also stored at the time the message is sent:

 

  1. a) your IP address
  2. b) Date and time of your registration

 

During the sending process, we obtain your consent to the processing of this data and refer to this privacy policy.

 

In addition, you can contact us via the e-mail address provided. In doing so, your personal data transmitted with the e-mail will be stored.

 

The data will be used exclusively for processing the communication. The data processed for the communication will not be passed on to third parties. To prevent unauthorised access to your personal data by third parties, the use of the contact form is encrypted using SSL/TLS technology.

 

  1. Legal basis for data processing

The necessary legal basis for the processing of the data is the consent of the user in accordance with Art. 6 para. 1 lit. a GDPR.

 

If the personal data is transmitted via e-mail, Art. 6 para. 1 lit. f GDPR is the necessary legal basis for the processing of the data. If this contact is also intended to conclude a contract, Art. 6 para. 1 lit. b GDPR also constitutes the necessary legal basis for the processing.

 

  1. Purpose of the data processing

We process the personal data collected via the input mask exclusively for processing the contact. If you contact us by e-mail, this also constitutes the necessary legitimate interest in processing the data.

 

To prevent misuse of the contact form and to secure our IT systems, we use the other personal data processed during the sending process.

 

  1. Duration of storage

If the data collection is no longer necessary to achieve the purpose, the data will be deleted. This is the case for the personal data from the input mask of the contact form and those sent by e-mail when the respective communication with you has ended. This is the case when the circumstances indicate that the matter in question has been conclusively clarified.

 

After a period of seven days at the latest, any additional personal data collected during the sending process will be deleted.

 

  1. Possibility of objection and removal

You can revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. Please note that in this case, further communication with you can no longer be continued.

 

Please send your revocation or objection, stating your first and last name, to the e-mail address hey@pohahouse.com .

 

In this case, any personal data stored for the purpose of contacting you will be completely deleted.

 

VII. Online Shop

 

  1. Description and scope of data processing

You can place orders on our website via our online shop by providing personal data and thus initiate or conclude contracts with us. In doing so, you enter your data for the conclusion of the contract in an input mask. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. After entry, this data is transmitted to us and stored. For the processing of your order, your payment data may be passed on. The following data may be collected during the ordering process:

 

  1. a) First name, last name
  2. b) Company name
  3. c) Country / Region
  4. d) Street and house number (+ flat, suite, room, etc.)
  5. e) Postcode
  6. f) Town/ City
  7. g) State/ County 
  8. h) Telephone number
  9. i) E-mail address
  10. j) Sales tax identification number
  11. k) Different delivery address
  12. l) Notes on the order
  13. m) Payment method

 

The following data is also stored at the time of the order:

 

  1. a) Your IP address
  2. b) Date and time of your order
  3. c) Unique payment identifier
  4. d) Identifier of the payment provider

 

To prevent unauthorised access by third parties to your personal data, in particular financial data, the ordering process is encrypted using SSL/TLS technology.

 

  1. Legal basis for data processing

Art. 6 para. 1 lit. b GDPR represents the necessary legal basis for the processing of data, insofar as this serves the fulfilment of a contract with you or the implementation of pre-contractual measures.

 

  1. Purpose of the data processing

In order to fulfil the contract with you or to carry out pre-contractual measures, it is necessary to enter your personal data in the input mask. Only in this way can we ensure that the contract is processed in accordance with the law, in particular that the goods are delivered to the desired address and that the payment owed by you in return is made. 

 

  1. Duration of storage

If the data collection is no longer necessary to achieve the purpose, the data will be deleted. This is the case for data collected during the ordering process for the fulfilment of a contract or for the implementation of pre-contractual measures, when this data is no longer required for the implementation of the contract. On the basis of contractual or legal obligations, your personal data may also be stored after the contract has been concluded.

 

  1. Possibility of objection and removal

You can have the data stored about you changed at any time. If the data is used to fulfil a contract or to carry out pre-contractual measures, it can only be deleted prematurely unless contractual or legal obligations prevent deletion.

 

VIII. Transfer of your data to third parties / external service providers

In order to make our website as pleasant and comfortable as possible for you as a user, we occasionally use the services of external service providers. Below you have the opportunity to find out about the data protection provisions on the use and application of the services and functions used, so that you can possibly also exercise your rights with these service providers.

 

  1. Social Networks
  2. Google Tag Manager
  3. jQuery
  4. Google Analytics
  5. Google Maps
  6. Stripe
  7. WooCommerce

 

  1. Social Networks

We use the technical platforms and services of social media networks for the purpose of contacting you and making contributions and comments available.

 

We would like to point out that you use our presence on these networks and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

 

We are active on the following networks and provide links to these networks via our website:

 

  1. a) Instagram

The platform is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can find the link to Instagram’s privacy policy here: https://help.instagram.com/519522125107875/?helpref=uf_share

 

  1. b) LinkedIn

The platform is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The link to LinkedIn’s privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy

 

  1. c) TikTok

The Platform is provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. The link to TikTok’s privacy policy can be found here: https://www.tiktok.com/legal/privacy-policy-eea?lang=de.

 

You can also find more information about social networks and how to protect your data at www.youngdata.de.

 

  1. Google Tag Manager

We use the Google Tag Manager on our website. This is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. With the Google Tag Manager, companies can manage website tags via an interface. The Google Tag Manager is a cookieless domain that does not collect any personal data. The Google Tag Manager triggers other tags, which in turn may collect data. We would like to point this out separately. The Google Tag Manager does not access this data. If a deactivation has been made by the user at domain or cookie level, this remains in place for all tracking tags that are implemented with the Google Tag Manager.

 

  1. jQuery

We use external code from the JavaScript framework “jQuery” on our website. This is provided by the third-party provider OpenJS Foundation. Learn more about the OpenJS Foundation at the following link: https://openjsf.org/

 

  1. Google Analytics

Google Analytics is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information collected by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

 

At our instigation, your IP address is only recorded by Google in shortened form, which ensures anonymisation and does not allow any conclusions to be drawn about your identity. If IP anonymisation is activated on our websites, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

 

Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. A transfer of this data by Google to third parties only takes place on the basis of legal regulations or within the framework of order processing. Under no circumstances will Google merge your data with other data collected by Google.

 

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent.

 

You can find more information on Google Analytics and data protection at https://tools.google.com/dlpage/gaoptout?hl=de.

 

  1. Google Maps

Our websites use Google Maps to display maps and to create directions. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing and use of automatically collected data and data provided by you by Google, one of its agents or third parties. The terms of use for Google Maps can be found at Terms of Use for Google Maps. For full details, please see google.com’s Privacy Center: Transparency and Choice and Privacy Policy.

 

  1. Stripe

For the processing of payment transactions, we use the online payment service Stripe of Stripe Inc. or Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

 

The data collected for the purpose of payment processing on our website goes directly to the payment processing process at Stripe.

 

Stripe is audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1, which is currently the most stringent level of certification available in the payments industry.

 

For more information on Stripe’s privacy policy, please visit: https://stripe.com/de/privacy

 

  1. WooCommerce

To process orders through our website, we use the web shop tool WooCommerce from Bubblestorm Management (Pty) Ltd, Unit A206, The Old Biscuit Mill (TOBM), 373 – 375 Albert Road, Woodstock, Cape Town, South Africa, a company affiliated with Aut O’Mattic A8C Ireland Ltd Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland and Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA.

 

Automattic Inc. pursues the goal of a cross-border company. Accordingly, through the use of WooCommerce, your personal data may also be transferred to a third country. Such a transfer is only permissible if an adequate level of data protection is ensured at the recipient of the transfer.

 

The EU Commission has decided in this regard that it can generally be assumed that companies on the EU-U.S. Privacy Shield list provide an “adequate level of data protection” for the processing of personal data in these companies. Likewise, an adequate level of data protection can be ensured by standard contractual clauses that have been concluded and approved by the EU Commission.

 

Automattic Inc. is certified  in accordance with the requirements of the EU-U.S. Privacy Shield, so that the transfer of your personal data is permissible. Approved standard contractual clauses are available for data transfers to other third countries, so that these are also permissible.

 

WooCommerce uses “cookies”, i.e. text files that are stored on your computer and also enable an analysis of the use of our offer. Art. 6 para. 1 lit. f GDPR provides the necessary legal basis for this processing of personal data using WooCommerce or cookies. By learning how our online shop is used, we can regularly improve our offer. Likewise, these purposes represent our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

 

For more information on WooCommerce and the associated handling of personal data, please refer to the explanations on the data protection  of WooCommerce and, in particular, the Privacy Policy  and the Cookie Policy  of Automattic.

 

  1. Rights of the data subject

 

If personal data is processed by you, you are a data subject within the meaning of the GDPR. You are thus entitled to the following rights vis-à-vis the controller:

 

  1. Right to information

You may request confirmation from the controller as to whether personal data relating to you is being processed by us.

 

If there is such processing, you may request information from the controller about the following:

 

  1. the purposes of processing;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining this duration;
  5. the existence of a right to obtain the rectification or erasure of personal data concerning you, or the restriction of processing by the controller, or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. if the personal data are not collected from the data subject, any available information on the origin of the data;
  8. the existence of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and 4 of the GDPR and – at least in those cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

 

Likewise, you may request information as to whether a transfer of the personal data concerning you to a third country or to an international organisation is taking place. If this is the case, you may request to be informed about the appropriate safeguards in connection with the transfer in accordance with Art. 46 GDPR.

 

  1. Right to rectification

You may request the controller to rectify inaccurate personal data concerning you. Likewise, taking into account the purposes of the processing, you may request the completion of incomplete personal data – also by means of a supplementary declaration. The controller must carry out the requested rectification without delay.

 

  1. Right to erasure (“right to be forgotten”)

You may request the controller to erase the personal data concerning you without delay and the controller is obliged to erase this data without delay if one of the following reasons applies:

 

  1. your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lt. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR.
  4. Your personal data have been processed unlawfully. 
  5. The erasure of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject. 
  6. Your personal data have been collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

 

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 para. 1 GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.

 

However, the right to erasure does not exist where the processing is necessary for the following purposes

 

  1. for the exercise of the right to freedom of expression and information;
  2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right to erasure described above is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
  5. for the assertion, exercise or defence of legal claims.

 

  1. Right to restriction of processing

You may request the controller to restrict the processing of your personal data if one of the following conditions applies:

 

  1. the accuracy of your personal data has been contested by you for a period enabling the controller to verify the accuracy of your personal data;
  2. the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of your personal data;
  3. the controller no longer needs your personal data for the purposes of the processing but you need it for the establishment, exercise or defence of legal claims; or
  4. you have objected to the processing in accordance with Art. 21 para. 1 GDPR and it is not yet clear whether the controller’s legitimate grounds override yours.

 

If the processing of your personal data has been restricted, such personal data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

 

Where you have obtained a restriction of processing under the above conditions, you will be informed by the controller before the restriction is lifted.

 

  1. Right to information

Where you have exercised the rights of rectification, erasure or restriction of processing described above in relation to the controller, the controller shall inform all recipients to whom your personal data have been disclosed of such rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

 

Upon your request, the controller shall inform you of these recipients.

 

  1. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. Likewise, you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

 

  1. the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
  2. the processing is carried out with the help of automated procedures.

 

When exercising this right, you also have the right to have your personal data transferred directly from one controller to another controller, insofar as this is technically feasible.

 

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

Likewise, the right to data portability shall not affect the rights and freedoms of other individuals.

 

  1. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 lit. e or f of the GDPR; this also applies to profiling based on these provisions.

 

The controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

 

If your personal data are processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

 

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

 

In connection with the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise your right to object by means of automated procedures using technical specifications.

 

  1. Right to revoke the declaration of consent under data protection law

You may revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

  1. Automated decision in individual cases including profiling.

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.

 

This does not apply if the decision

 

  1. is necessary for the conclusion or performance of a contract between you and the controller,
  2. is permissible on the basis of legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests; or
  3. is done with your explicit consent.

 

In the cases referred to in a) and c), the controller shall take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

 

Decisions under a) to c) must not be based on special categories of personal data under Art. 9 para. 1  GDPR, unless Art. 9 para. 2 lit. a or g of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

 

  1. right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

 

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78  GDPR.

 

  1. Up-to-dateness and amendment of this Privacy policy

This Privacy policy is currently valid and has the status July 2022.

 

The further development of our website and its offers or changed legal provisions, or court rulings or official requirements may make it necessary to change this Privacy policy. You can access and print out the current version of our Privacy policy at any time on the website at https://pohahouse.com/privacy-policy.