Data protection information of the Anne Frank House forthe website https://www.thebookcasefortolerance.com/ (“The Bookcase forTolerance”)
The controller in the sense of the General Data ProtectionRegulation (GDPR), of the data protection regulations holding good in themember states of European Union and of other regulations with a legaldata-protecting character is:
P.O. Box 730
1000 AS Amsterdam
Contact form: https://www.annefrank.org/en/about-us/contact/
We do not have a data protection officer as we arelegally not obliged to. For data protection related inquiries, please contact usat the contact details provided above, and they will be addressed by our InformationSecurity & Compliance Officer
The data protectioninformation of the Anne Frank House is based onthe definitions which have been used by the European directive and orderissuing office in formulating the General Data Protection Regulation (GDPR).The data protection information of the theAnne Frank House should be easily read and understood not only bythe general public but also by our customers and business partners. In order toensure this, we would like to clarify in advance the definitions used.
In this data protectioninformation and on our website, we use - amongst others - the following terms:
Personal data is anyinformation relating to an identified oridentifiable natural person (hereafter "data subject"). Defined asidentifiable is a natural person who can be identified, directly or indirectly, in particular by reference to anidentifier such as a name, an identification number, location data, an onlineidentifier or to one or more factors specific to the physical, physiological,genetic, mental, economic, cultural or social identity of that natural person.
Data subject is each identified or identifiable natural person.
Processing means any operation or set ofoperations which is carried out in connection with personal data - whether ornot by automated means - such as collection, recording, organisation,structuring, storage, adaptation or alteration, retrieval, consultation, use,disclosure by transmission, dissemination or otherwise making available,alignment or combination, restriction, erasure or destruction.
Restricting of the processingis the marking of personal data as stored with the objective of restricting itsprocessing in the future.
Profiling is each type of theautomated processing of personal data, which consists of this personal databeing used to permit particular personal aspects relating to a particularnatural person, and here in particular aspects in respect of work performance,economic situation, health, personal likes, interests, reliability, behaviour,place of residence or change of place of residence of this natural person to beevaluated, analysed or forecast.
Pseudonymization is theprocessing of personal data in such a way that the personal data can no longerbe assigned to a specific data subject without the use of additionalinformation, in so far as this additional information is kept in a special wayand subjected to technical and organizational measures which ensure that thepersonal data cannot be assigned to an identifiedor identifiable natural person.
Controller or party responsible for the processing (hereafter controller) is the natural person or legal entity, authority, institution or other post, which alone or together with others decides on the purposes and means of the processing of personal data. If the purposes and means of the processing are laid down in EuropeanUnion legislation or the legislation of the member states, then the controller or the particular criteria of the appointment of this controller in accordance with EuropeanUnion legislation or the legislation of the member states can be provided.
Processor is a natural person or legal entity, authority, institution or other post, which processes the personal data on the instructions of the controller.
Recipient is a natural person or legal entity, authority, institution or other post to which personal data are disclosed regardless of whether this is a third party or not. However ,authorities, which receive within the framework of a particular investigation order in accordance with European Union legislation or the legislation of the member states data which possibly may be/contain personal data, do not hold good as recipients.
Third party is a natural person or legal entity, authority, institution or other post with the exception of the data subject, the controller, the order processor and those persons which are authorized under the direct responsibility of the controller or of the order processor to process the personal data.
Consent is each declaration of will given voluntarily by the data subject for the definite case in an informed and unambiguous manner in the form of a declaration or other unambiguous confirmatory action, with which the data subject makes clear that he/she agrees to the processing of personal data relating to himself/herself.
Where we obtain the consent of the data subject forthe processing of personal data, Article 6(1)(a) of the EU General DataProtection Regulation (GDPR) serves as the legal basis for the processing ofpersonal data.
Art. 6 para. 1 lit. b GDPR serves as the legal basisfor the processing of personal data required for the performance of a contractto which the data subject is a party. This also applies to processingoperations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data isnecessary to fulfil a legal obligation to which our company is subject, Art. 6para. 1 lit. c GDPR serves as the legal basis.
Art. 6 para. 1 lit. d GDPR serves as a legal basis inthe event that vital interests of the data subject or another natural personnecessitate the processing of personal data.
If the processing is necessary to safeguard alegitimate interest of our company or a third party and if the interests,fundamental rights and fundamental freedoms of the data subject do not outweighthe first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legalbasis for the processing.
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
Data protection, data security and secrecy protection have high priority for the AnneFrank House. The permanent protection of your personal data, your company data and your trade secrets is particularly important to us.
In principle, you can visit our website without providing any personal information. However, if you make use of the services of our company via our website, this requires the disclosure of your personal data. In general, we use the data communicated by you and collected by the website and the data stored during use exclusively for our own purposes, namely for the implementation and provision of our website and for the initiation, implementation and processing of the services offered via the website (contract performance) and do not pass these on to outside third parties, unless there is an officially ordered obligation to do so. In all other cases, we will obtain your separate consent.
Your personal data will be processed in accordance with the requirements of the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to theAnne Frank House. By means of this data protection note, we would like to inform you about the type, scope and purpose of the personal data processed by us. In addition, we will inform you of your rights by means of this data protection information.
The Anne Frank House has implemented technical and organisational measures to ensure adequate protection of personal data processed via this website.Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed.
The Bookcase for Tolerance website of the the Anne Frank House collects a series of general data and information each time a data subject or an automated system accesses the website. This general data and information is stored in the log files of the server. The (1) browser types and versions used, (2) the operating system used by the accessing system,(3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-sites which are accessed via an accessing system on our website can be recorded, (5) the date and time of an access to the website, (6)an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information which serve to avert danger in the event of attacks on our information technology systems.
When using this general data and information, Anne Frank House does not draw any conclusions about the data subject.Rather, this information is required to (1) correctly deliver the content of our website, (2) optimize the content and advertising of our website, (3)ensure the long-term functionality of our information technology systems and he technology of our website, and (4) provide law enforcement authorities with the information they need to prosecute a cyber-attack. This anonymous data and information is therefore evaluated by AnneFrank House both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.
Art. 6 para. 1 lit. f GDPR (legitimate interest)
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data to provide the website, this is the case when the session in question has ended. If the data is stored in log files, this is the case after seven days at the latest. A storage going beyond this is possible.In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
No, as necessary for operation of the website
We employ cookies in order to arrange our website in amore user-friendly manner. Certain elements of our website require that the callingbrowser can also be identified after a page change.
The data of the user collected in this way ispseudonymized by technical processes. Accordingly, assignment of the data tothe user calling in is more difficult. The data collected is not stored togetherwith other personal data of the user.
You can manage your cookie preferences and obtain further information using the Anne Frank House The Bookcase for Tolerance cookie settings using the main navigation located on the top right corner of the site.
You can use the following links to find out how to disable cookies on the most important browsers:
· MozillaFirefox: https://support.mozilla.org/en-US/kb/block-websites-storing-cookies-site-data-firefox
· Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
· Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Please note that if you deactivate cookies, you maynot be able to use our website properly.
Article 6 Para. 1 lit. f GDPR(legitimate interests) for strictly technically essential cookies In addition: Article 6 Para. 1lit. a GDPR(consent)
Managing cookie preferences on the Anne Frank House The Bookcase for Tolerance website Cookie Settings (see manage cookie settings on navigation) Disabling cookies in browser.
We have integrated on this website the Google Analytics component (with anonymization function). Google Analytics is a web-analysis service. Web-analysis is the collecting, compilation and evaluating of data concerning the behaviour of the visitors to websites. A web-analysis service collects - amongst other things -data on from which website (the so-called referrer) a data subject has come to a website, which sub sites of the website were accessed or how often and for what period a sub site was watched. Web-analysis is used primarily for optimization of a website and for cost-benefit analysis of Internet advertising.
The operating company of the Google-Analytics component is Google Inc., 1600Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The party responsible for the processing uses the suffix „gat.anonymizeIp“ for the web analysis via Google Analytics. With the aid of this suffix the IP-address of the Internet connection of the data subject is abbreviated and anonymized if the access to our website comes from a member state of the European Union or from another signatory of the agreement on the European Economic Area.
The purpose of the Google Analytics component is the analysis of the visitor flows to our website. Google uses the data and information obtained in order to - amongst other things - evaluate the use of our website, to prepare for us online reports which show the activities on our website and to provide further services linked with the use of our website.
Google Analytics sets a cookie on the IT system of the data subject. What cookies are has been explained above. The setting of cookies enables Google to analyze the use of our website. With each call of an individual page of this website, which is operated by the party responsible for the processing and on which a Google Analytics component has been integrated, the Internet browser on the IT-system of the data subject is automatically caused by the particular Google Analytics component to transmit data to Google for the purpose of online analysis. Within the framework of this technical process, Google obtains knowledge of personal data such as the IP-address of the data subject, which data enables Google to - amongst other things - trace the origin of the visitor and clicks and as a consequence to make possible the issuing of commission invoices.
With the aid of cookies items of information related to personal data, e.g. the access time, the place from which an access started and the frequency of the visits to our website by the data subject, are stored. With each visit to our website this personal data including the IP-address of the Internet connection used by the data subject is transmitted to the United States of America. This personal data is stored by Google in the U.S.A. In certain circumstances Google passes on this personal data as collected via the technical process to third parties.
As has already been described above, the data subject can prevent the setting of cookies by our website at any time by making an appropriate setting on his/her Internet browser as used and thereby object to the setting of cookies in a durable manner. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the IT system of the data subject. In addition, a cookie that has already been set by Google Analytics, can be deleted at any time via the Internet browser or another software program.
Anne Frank House is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure that your personal data is processed lawfully and securely.
Further information and the valid and applicable data protection regulations of Google can be called under https://www.google.de/intl/de/policies/privacy/ as well as under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link: https://www.google.com/intl/de_de/analytics/.
Article 6Para. 1 lit. a GDPR (consent)
A web analysis is mainly used to optimize a website and for cost-benefit analysis of internet advertising. The purpose of setting third-party cookies is to improve our offer for you by analyzing your user behavior. As a rule, only a pseudonymized data transfer to the third parties takes place. Moreover, it is up to you to prevent the transmission of third-party cookies by means of an appropriate setting in the cookie banner or within your Internet browser.
Third-party cookies are stored on the user's computer and transmitted to our site by the user. They are stored until the purpose of the processing no longer applies or you revoke your consent. Therefore, you as a user also have full control over the use of third-party cookies.
By changing the settings in your Internet browser, you can disable or restrict the transmission of third-party cookies. Third-party cookies that have already been stored can be deleted at any time. This can also be done automatically.
We, the Anne Frank House, operate our own Facebook fan page at [https://www.facebook.com/annefrankhouse/]. As the operator of this Facebook page, we, together with the provider of the social network Facebook (Facebook Ireland Ltd.), are responsible within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). When visiting our Facebook page, personal data of the page visitors are processed by both controllers.
We have concluded an agreement with Facebook on joint data protection controllership (Page Controller Addendum). With this agreement, Facebook acknowledges its joint responsibility with regard to so-called Insights data and assumes essential data protection obligations to inform data subjects, to ensure data security or to report data protection violations. In addition, the agreement stipulates that Facebook is primarily the point of contact for the exercise of data subjects' rights (Art. 15 - 22 GDPR). As a provider of the social network, Facebook alone has direct access to the required information and can also immediately take any necessary measures and provide information. Should our support nevertheless be necessary, we can be contacted at any time.
On our Facebook fan page you also have the opportunity to comment on our contributions, rate them and get in touch with us via private messages or take part in competitions.
The processing of the information generated by Insights is intended to enable us, as the operator of the Facebook fan page, to obtain statistics that Facebook generates on the basis of visits to our Facebook fan page. The purpose of this is to control the marketing of our activities. For example, it allows us to learn about the profiles of visitors who value our Facebook Page or use applications on the Page to provide them with more relevant content and develop features that may be of greater interest to them.
It cannot be ruled out that some of the information collected may also be processed outside the European Union by
Facebook Inc. based in the USA. Facebook Inc. has submitted to the standard contractual clauses adopted by the EU Commission and thus undertakes to comply with European data protection requirements.
We our selves do not pass on any personal data that we receive via our Facebook page.
For furtherinformation on our contact data, including our data protection officer, therights of data subjects vis-à-vis us and how we process personal data, pleaserefer to the relevant sections of this data protection declaration.
We operate this Facebook page in order to present, interact and communicate with the users of Facebook as well as other interested persons and our customers who visit our Facebook page. The processing of the users' personal data is based on our legitimate interests, in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR) as well as when participating in competitions or answering product application questions based on a (pre-)contractual relationship according to Art. 6 para. 1 lit. b) GDPR.
The processing of the information generated by Insights is intended to enable us, as the operator of the Facebook fan page, to obtain statistics that Facebook compiles based on visits to our Facebook fan page. The purpose of this is to control the marketing of our activity. For example, it allows us to gain knowledge of the profiles of visitors who like our Facebook page or use applications of the page in order to provide them with more relevant content and develop features that may be of greater interest to them. In addition, we operate this Facebook page to help us better understand how our Facebook Page can better achieve our business goals, demographic and geographic analyses are also created and provided to us based on the information we collect. We can use this information to target interest-based ads without directly knowing the identity of the visitor. If visitors use Facebook on multiple devices, the collection and analysis can also take place across devices if they are registered visitors who are logged into their own profiles. The visitor statistics created are transmitted to us exclusively in anonymized form. We have no access to the underlying data. Furthermore, we use our Facebook page to communicate with our customers, interested parties and Facebook users and to inform them about us and our products. In this context, we may receive further information, e.g., due to user comments, private messages or because you follow us or share our content. The processing takes place exclusively for the purpose of communication and interaction with you.
Your data will be deleted when the purpose ceases to exist, provided there is no obligation to retain it.
Your data will be deleted when the purpose ceases to exist, provided there is no obligation to retain it.
If you visit our Instagram page [https://www.instagram.com/annefrankhouse_official/] and your browser allows cookies to be stored, Facebook Ireland stores information in the form of small text files in your browser's memory (hereinafter "cookies") and can access this information when you visit the Facebook platform or a website that embeds Facebook technologies. For more information on the purpose of the cookies used, on the integration of these cookies by other websites and on your control options in this regard, please refer to the information on Instagram cookies.
We would like to point out that Facebook Ireland is able, by means of the cookies used, to track your user behavior (for logged-in users across devices) on other websites beyond the Instagram platform. This applies both to persons registered with the Instagram platform and to persons not registered there.
We would also like to point out that we have no influence on the data processing carried out by Facebook Ireland in connection with cookies. Visiting our Instagram page is also possible if you configure your browser so that no cookies are stored by the Facebook platform. Information on how to adjust the settings for cookies in your browser can usually be found in the help section of the browser you use.
If you are registered or logged in to the Instagram or Facebook platform and would like to avoid Facebook Ireland being able to associate your visit to our Facebook page with your Instagram or Facebook user account, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies present on your device and exit and restart your browser.
Our Instagram page allows you to respond to and comment on our posts, view our Stories, participate in Story interactions, and send us private messages. Please carefully consider what personal information you share with us through our Instagram page. If you would like to avoid Facebook processing personal data you submit to us, please contact us through other means.
In addition to the content you submit, information about your profile, likes, and posts will be visible to us depending on your privacy settings.
The processing of your data when contacting or interacting with our site or its content is carried out by us on the basis of Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is to respond to your request. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
We process the data you provide in this context and which may be accessible to us in order to protect our legitimate interests in contacting and communicating with our interested parties, which outweigh our interests in the context of a balancing of interests. This is also our legitimate interests in data processing pursuant to Art. 6 (1) p. 1 lit. f GDPR.
We have set up our Instagram page as a business profile and use anonymized page statistics provided by Facebook Ireland ("Instagram Insights"), which provide us with insights about visitors to our Instagram page and their interactions with our Instagram page and its content. We do not contribute to the decision on the means and purposes of processing event data used to generate page statistics. The statistics include the following information:
• Reach, page views, time spent on video posts.
• Interactions such as tagging a post with "like," commenting, or sharing posts
• Demographics such as age, gender, and location.
We use this data to identify trends. It is not possible for us to link back to individuals who triggered these events.
It is not excluded that data from users may be processed on systems outside the European Union. Instagram has submitted to the standard contractual clauses and has thus undertaken to comply with EU data protection standards.
We operate this Instagram page in order to present, interact and communicate with Instagram users and other interested persons and our customers who visit our Instagram page. The processing of personal data of users is based on our legitimate interests, in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR). As well as in the case of participation in sweepstakes or answering product application questions based on a (pre-)contractual relationship pursuant to Art. 6 para. 1 lit. b) GDPR.
We use our Instagram page to communicate with our customers, interested parties and Instagram users and to inform them about us and our products. In this context, we may receive further information, e.g. due to user comments, private messages or because you follow us or share our content. The processing is solely for the purpose of communicating and interacting with you. In particular, our legitimate interest is our business interest in sharing information with our users and being able to communicate with them.
Your data will be deleted when the purpose ceases to exist, provided there is no obligation to retain it.
You can object to the processing of your personal data by Instagram via the above links. Furthermore, you can object to the processing of your personal data by us via our contact options.
We, Anne Frank House, use a Twitter fan page under the name @annefrankhouse. In the following we would like to inform you about the processing of your personal data on our Twitter fan page.
Twitter is a service provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A.
We have no influence on the type and scope of the data processed by Twitter Inc. or its transfer to third parties. We have no means of control in this regard. Your data is collected and processed by Twitter Inc. Your personal data is transferred to the United States, Ireland and any other country in which Twitter Inc. does business, regardless of your place of residence.
Data that you have voluntarily submitted to Twitter Inc. will be processed by Twitter Inc. (e.g. name and username, email address, telephone number or the contacts in your address book) if you upload them. In addition, Twitter Inc. evaluates the content you share. As a result, Twitter Inc. determines the topics and content you are interested in. Furthermore, confidential messages that you send to other users of Twitter are processed. GPS data, wireless network information or your IP address are used to determine your location and to send you content, usually advertising.
The evaluation is carried out with the help of various analysis tools, such as Google Analytics. The use of such analysis tools by Twitter is not subject to our control or influence. If such analysis tools are used by Twitter Inc., we were not informed about the use of such tools. As a result, Twitter Inc. has not been engaged by us to provide support or assistance in the use of such analysis tools. Furthermore, the results of such analysis are not made available to us. Only anonymised information about the response generated by tweets (clicks, likes, etc.) can be viewed by us. The use of analysis tools on our Twitter account cannot be turned off and there are no other ways to prevent such use.
Twitter also receives data from visitors who do not have a Twitter account when they view content on Twitter. This log data includes the IP address, the type of browser used, the operating system, information about the website and pages you have previously visited, location, mobile phone provider, cookies or search terms and the end device used.
Twitter also has the option of recording visits to websites and assigning them to the corresponding Twitter account if so-called Twitter buttons or widgets have been embedded in the respective website.
It is possible for you to restrict the processing of your data by Twitter. To do so, you can open the general settings of your Twitter account and change your privacy settings under "Privacy and Security".
You can control and individualize your privacy settings here:
Additional assistance is available for this purpose:
You can also change certain settings for your mobile devices (e.g. smartphones, tablets, etc.) so that Twitter has limited access to your contact data, location data, calendar data or photos, among other things. These setting options differ depending on the operating system used on your mobile device.
For more information and assistance, please visit:
• https://support.twitter.com/articles/20172711# (possibility to view your own data processed by Twitter)
• https://twitter.com/your_twitter_data (Information about conclusions from Twitter about you)
• https://support.twitter.com/forms/privacy (form to receive further information from Twitter)
• https://support.twitter.com/articles/20170320# (possibility to download your own Twitter archive)
If we process your personal data on Twitter, it will not be collected via our Twitter account. There is no transfer of data to Twitter, such as IP addresses, due to the embedding of tweets on homepages or similar.
However, it may be that we retweet tweets from you, reply to tweets from you or compose tweets that refer to you or your Twitter account. In this respect, your public data on Twitter may be made available to followers of our site.
A transfer to authorities will only take place in the presence of overriding legal provisions.
If we publish images of individuals, this is done via consent (legal basis: Art. 6 para. 1 lit. a GDPR), on the basis of a contractual fulfillment (legal basis: Art. 6 para. 1 lit. b GDPR) and in exceptional cases on the basis of legitimate interests (legal basis: Art. 6 para. 1 lit. f GDPR).
It is not excluded that data from users may be processed on systems outside the European Union. Twitter has submitted to the standard contractual clauses and has thus undertaken to comply with EU data protection standards.
We operate this Twitter page in order to present, interact and communicate with Twitter users and other interested persons and our customers who visit our Twitter page. The processing of personal data of users is based on our legitimate interests, in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR). As well as in the case of participation in sweepstakes or answering product application questions based on a (pre-)contractual relationship pursuant to Art. 6 para. 1 lit. b) GDPR.
We use our Twitter page to communicate with our customers, interested parties and Twitter users and to inform them about us and our products. In this context, we may receive further information, e.g. due to user comments, private messages or because you follow us or share our content. The processing is solely for the purpose of communicating and interacting with you. In particular, our legitimate interest is our business interest in sharing information with our users and being able to communicate with them.
You can object to the processing of your personal data by Twitter via the above links. Furthermore, you can object to the processing of your personal data by us via our contact options.
If personal data is processed by you, you are the data subject within the meaning of the GDPR and you are entitled to the following rights towards the data controller:
You can obtain confirmation from the data controller as to whether or not personal data concerning you will be processed by us.
In the event of such processing, you may request the following information from the data controller:
(1) the purposes of the processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
You have the right to have your personal data rectified and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The data controller must carry out the rectification immediately.
Under the following conditions, you may request that the processing of your personal data be restricted:
(1) if you dispute the accuracy of the personal data concerning you for a period which enables the person responsible to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the controller no longer needs the personal data for the purposes of the processing, but you need them for the assertion, exercise or defence of legal claims, or
(4) if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.
Where the processing of personal data concerning you has been restricted, such data may not be processed, with the exception of their storage, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the processing restriction has been limited in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
You may request the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:
(1) The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR was based and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data have been processed unlawfully.
(5) The erasure of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data relating to you have been collected in relation to information society services offered pursuant to Article 8(1) GDPR.
If the data controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 para. 1 GDPR, he shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform the data controllers who process the personal data that you as the data subject have requested them to delete all links to this personal data or copies or replications of this personal data.
The right to erasure does not apply if the processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
Furthermore, the right to erasure does not apply if the personal data must be stored by the controller due to legal storage obligations and periods. In such a case, the personal data will be blocked instead of deleted.
If you have exercised your right to rectify, erase or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, erasure or limitation, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of such recipients by the data controller.
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable and interoperable format. In addition, you have the right to communicate this data to another controller without being hindered by the controller to whom the personal data was provided, provided that
(1) the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to request that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The data controller will no longer process the personal data concerning you unless he can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the possibility to exercise your right of objection through automated procedures using technical specifications in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC.
You have the right to revoke your declaration of consent under data protection law at any time and without stating reasons. In the event of revocation, we will immediately delete your personal data and no longer process it. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke your consent.
You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2) is authorised by legislation of the Union or of the Member States to which the controller is subject and contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
(3) with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
In the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms and your legitimate interests, including at least the right of the controller to obtain the intervention of a person, to present his or her point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the GDPR.
The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
Controller: Anne Frank House