Privacy statement
The protection of personal data is an important concern to us at the German Derivatives Association (Deutscher
Derivate Verband, DDV).
This document is a privacy statement and explains to you the type, scope and purpose of the processing of personal
data (hereinafter referred to as ‘data’) in our online service and the websites/services connected with it.
In the privacy statement we use terminology such as ‘processing’ and ‘controller’. The definition of these terms can
be found in Article 4 of the EU General Data Protection Regulation (GDPR).
Our websites include the following:
https://www.derivateverband.de
https://www.ddvontour.de
http://schulung.derivateverband.de
This privacy statement applies only to the websites listed above. These websites may contain links to third-party
websites, to which our privacy statement does not extend. When you leave our websites, we recommend that you read
carefully the data protection policy of each website that collects personal data.
Controller
The operator of the websites https://www.derivateverband.de, https://www.ddvontour.de and
http://schulung.derivateverband.de,
Michaela Roth
Deutscher Derivate Verband e.V.
Pariser Platz 3
10117 Berlin
Germany
presse@derivateverband.de
is the controller for the personal data of users of the websites in accordance with Article 4, paragraph 7 of the
GDPR.
Type of data processed
We collect data and process it for specific purposes. The different types of personal data that may be collected
include the following:
- user data (for example first name, surname, email address);
- usage data (for example websites visited, interest in content, access times);
- metadata/communications data (for example information on terminal equipment, IP addresses).
Categories of data subjects
Visitors and users of the online service (data subjects will hereinafter also be referred to as ‘users’).
There are three categories:
- users with access to the members’ area;
- users with access to online training;
- others.
The different categories of users have access to different areas of our online service. However, for many areas it
is not necessary to be allocated to a specific category.
Purpose of processing
We collect and process data for the following purposes:
- providing the online service, its functions and specific content;
- answering enquiries through our contact page;
- communicating with users;
- security measures.
Terminology used
‘Personal data’ means all information relating to an identified or identifiable natural person (hereinafter ‘data
subject’).
‘Processing’ is any operation (automated or manual) or set of operations performed on personal data.
‘Pseudonymisation’ is the processing of personal data in such a way that any data that identifies the data subject is
kept separately and cannot be technically brought together.
‘Profiling’ means any form of automated processing of personal data consisting of the use of this personal data to
evaluate certain personal aspects relating to a natural person, especially to analyse or predict aspects concerning
that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability,
behaviour, location or movements.
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with
others, determines the purposes and means of the processing of personal data.
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on
behalf of the controller.
Applicable legal bases
In accordance with Article 13 of the GDPR, we, the German Derivatives Association (Deutscher Derivate Verband, DDV),
inform you of the legal bases for our processing of data.
If the legal basis is not mentioned explicitly in the privacy statement, the legal basis for the obtaining of consent
is Article 6, paragraph 1 (a) and Article 7 of the GDPR. The legal basis for processing, when this is necessary for
the performance of our services and to implement measures provided for in a contract, in addition to responding to
enquiries, is Article 6, paragraph 1 (b) of the GDPR.
The legal basis for the processing of data in order to comply with our legal obligations is Article 6, paragraph 1
(c) of the GDPR.
The legal basis for processing for the purposes of pursuing our legitimate interests is Article 6, paragraph 1 (f) of
the GDPR.
Security measures
In accordance with Article 32 of the GDPR, we implement appropriate technical and organisational measures to ensure a
level of security appropriate to the risk, taking into account the current state of technological development, the
costs of implementation and upkeep and the nature, scope, context and purposes of processing as well as the
different probability and severity of the risk for the rights and freedoms of natural persons.
The measures include, in particular:
- safeguarding confidentiality;
- ensuring the integrity and availability of data by controlling physical access to that data;
- controlling access to, and entry and dissemination of, the data and ensuring its availability and its separation.
Working with processors and third parties
If, when processing data, we disclose data to other persons and business enterprises (processors or third parties),
or transfer this data to these persons or business enterprises or grant access to this data, this will only take
place on the basis of statutory authorisation (for example, if transmission to third parties is necessary to perform
a contract, in accordance with Article 6, paragraph 1 (b) of the GDPR), or if you have given your consent, or if we
are legally required to do so, or if it is for the purpose of our legitimate interests (for instance when using
agents, web hosts etc.).
Sometimes we use external service providers to process your personal data. These are carefully selected and appointed
by us. They are obliged to follow our instructions and are monitored on a regular basis. The data passed on to our
service provider can only be used to carry out the tasks that it is engaged to perform. Specifically, we use an IT
service provider (see also ‘Applicable legal bases’).
If we engage third parties to process data on the basis of a processing contract, we do so on the basis of Article 28
of the GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or
this occurs when we use the services of third parties or disclose or transfer data to third parties, this will only
be done if it is necessary for the performance of our contractual or pre-contractual obligations, with your consent,
on the basis of a legal obligation or for the purposes of our legitimate interests. Subject to statutory or
contractual authorisation, we will only leave the data in a third country if the special conditions of Article 44 et
seq. of the GDPR are met. In other words, data is processed, for instance, on the basis of special guarantees, such
as the official recognition of a level of data protection equivalent to that of the EU (for example via the Privacy
Shield, for the United States) or compliance with officially recognised special contractual obligations (‘standard
contractual clauses’).
Rights of data subjects
Under Article 16 of the GDPR, you have the right to have incomplete data concerning you completed and inaccurate
data rectified.
In accordance with Article 17 of the GDPR you have the right to demand the erasure of data concerning you without
undue delay. Alternatively, in accordance with Article 18 of the GDPR you have the right to obtain the
restriction of processing of the data.
Under Article 20 of the GDPR you have the right to receive the data concerning you, which you have provided us
with, and to obtain its transfer to another controller.
You also have the right under Article 77 of the GDPR to lodge a complaint with the competent supervisory
authority.
Right of withdrawal of consent
In line with Article 7, paragraph 3 of the GDPR, you have the right to withdraw your consent with future effect.
A withdrawal of consent will have immediate effect on the lawfulness of the processing of your personal data.
Right to object
Under Article 21 of the GDPR you can object at any time to the future processing of data concerning you.
If the processing of your personal data by us is based on a balancing of interests, you can lodge an objection to
its processing. If you exercise your right to object, we request that you state the reasons why we should not
process your personal data. If your objection is well-founded, we will investigate the circumstances and cease
or customise the processing of the data; otherwise we will inform you if there are compelling and legitimate
grounds for continuing to process the data.
Cookies and the right to object in the case of direct marketing
Cookies are small files that are stored on a user’s computer. Various data can be stored in the cookies. The main
purpose of a cookie is to store a user’s data (or that of the terminal device on which the cookie is stored)
during or after the user’s visit to an online service. Temporary, session or transient cookies are cookies that
are erased when a user leaves an online service and closes the browser. These cookies can store data such as the
content of a shopping basket in an online shop or a login status. Permanent or persistent cookies are those that
continue to be stored after the browser is closed. For instance, the login status can be saved when the user
visits a site after several days. The user’s interests can also be stored in such a cookie; these are then used
for measuring reach or for marketing purposes. Third-party cookies are those placed by providers other than the
controller who operates the online service (whereas cookies placed by the controller are first-party cookies).
We may use temporary and permanent cookies, and we provide information on them in our privacy statement.
If users do not wish cookies to be stored on their computers, they should disable the relevant option in their
browser settings. Stored cookies can be deleted from the browser’s settings. However, deleting cookies can limit
the effectiveness of this online service for the user.
A general objection to the use of cookies for the purpose of online marketing can be lodged for many websites,
particularly in the case of tracking, through the US website http://www.aboutads.info/choices/ or the EU website
http://www.youronlinechoices.com/. The storage of cookies can also be prevented by disabling them in the
browser’s settings. Please note that disabling cookies may result in your not being able to use all the
functions of this online service.
The legal basis for processing your data using cookies is Article 6, paragraph 1 (f) of the GDPR.
Erasure of data
The data processed by us is erased or its processing is restricted in accordance with Articles 17 and 18 of the
GDPR. Unless specifically stated in this privacy statement, the data stored by us is erased as soon as it is no
longer needed for its purpose provided that there are no legal requirements to retain it. If the data is not
erased because it is needed for other legally permissible purposes, its processing is restricted. This means the
data is blocked and not processed for other purposes. This applies, for instance, to data that has to be
retained for reasons relating to commercial or tax law.
According to the legal requirements in Germany, data is retained for ten years in line with Section 147,
paragraph 1 of the German Tax Code (Abgabenordnung, AO), Section 257, paragraph 1, nos. 1 and 4 and paragraph 4
of the German Commercial Code (Handelsgesetzbuch, HGB) (books, accounting records, management reports, journal
vouchers, account books, tax-related documents etc.) and six years in line with Section 257, paragraph 1, nos. 2
and 3, and paragraph 4 of the German Commercial Code (business letters).
According to the legal requirements in Austria, data is retained for seven years in line with Section 132,
paragraph 1 of the Austrian Federal Tax Code (Bundesabgabenordnung, BAO) (accounting documents,
receipts/invoices, ledgers, supporting documents, business papers, statement of income and expenditure etc.),
for 22 years in relation to property and for ten years for documents connected with services provided
electronically, and telecommunications, radio and television broadcasting services rendered to non-business
enterprises in EU member states, for which the Mini-One-Stop-Shop (MOSS) scheme is used.
Making contact
When a user makes contact with us (for example, through the contact form, or by email, phone or social media) the
user’s data is processed to handle and manage the enquiry in line with Article 6, paragraph 1 (b) of the GDPR.
The user’s data may be stored in a customer relationship management (CRM) system or comparable enquiry
management system.
We delete the enquiries when they are no longer needed. We review the necessity for retention every two years;
the statutory archiving requirements also apply.
The legal basis for the processing is Article 6, paragraph 1 (f) of the GDPR. Our legitimate interest consists in
answering your enquiry.
Hosting
The hosting services we use are for the purpose of providing the following services: infrastructure and platform
services, computing capacity, storage space and database services, security services and technical maintenance
services, which we use to operate this online service.
In relation to this we – or our hosting service provider – process user data, contact data, content data, usage
data, metadata and communications data on users, potential customers and visitors to this online service on the
basis of our legitimate interests in efficient and secure provision of this online service in accordance with
Article 6, paragraph 1 (f) and Article 28 of the GDPR (processing under contract).
Collection of access data and log files
We – or our hosting services provider – collect data about each access to the server on which this service is
located (server log files) on the basis of our legitimate interests within the meaning of Article 6, paragraph 1
(f) of the GDPR. The access data includes the name of the website accessed, the file, the date and time of
access, the quantity of data transferred, the notification of successful access, the browser type and version,
the user’s operating system, the referrer URL (the web page from which the user first arrived at the site), the
IP address and the enquiring provider.
Log file information is stored for security reasons (for instance, to resolve cases of abuse or fraud) and for
billing purposes.
This connection data is not used to determine the identity of the user or merged with data from other sources. It
is only used to provide the website. The legal basis for the processing is Article 6, paragraph 1 (f) of the
GDPR.
Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC (‘Google’), to pursue our legitimate
interests (the analysis, optimisation and cost-effective operation of our online service within the meaning of
Article 6, paragraph 1 (f) of the GDPR). Google uses cookies. The information generated by the cookie about the
use of the online service by the user is generally transmitted to and stored by Google on servers in the United
States.
Google is certified under the Privacy Shield agreement, which provides a guarantee that it complies with European
data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyse the use of our online service by users, to compile
reports on their activities within this website and to provide further services to us related to their use of
this online service and of the internet. Pseudonymised user profiles may be created for users from the processed
data.
We only use Google Analytics with enabled IP anonymisation. This means that users’ IP addresses are abbreviated
within a member state of the European Union or in another state party to the Agreement on the European Economic
Area. The full IP address will only be transferred to a Google server in the United States and abbreviated there
in exceptional cases.
The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent
cookies from being stored by changing the settings in their browser software; they can also prevent Google’s
collection of the data generated by the cookie relating to their use of the online service and its processing of
this data, by downloading and installing the browser plugin available through this link:
http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the use of data by Google and on your options in relation to settings and objections can
be found in Google’s privacy policy at https://policies.google.com/technologies/ads and in the ad settings for
Google (https://adssettings.google.com/authenticated).
Users’ personal data is deleted or anonymised after 14 months.
Online presence in social media
We maintain an online presence on social networks and platforms to communicate with customers, potential
customers and users who are active in these media and to enable us to inform them about our work, but also to
enable us to offer a wider range of information. The terms and conditions of business and the data processing
policy of the relevant operator apply when users are accessing the relevant networks and platforms.
If not otherwise stated in our privacy statement, we process users’ data if these users are communicating with us
within the social networks and platforms, for example writing articles on our online services or sending us
messages.
Embedding of third-party services and content
To pursue our legitimate interests (the analysis, optimisation and cost-effective operation of our online service
within the meaning of Article 6, paragraph 1 (f) of the GDPR) we embed content and services such as videos
(hereinafter referred to collectively as ‘content’) from third-party providers in our online service.
This is only possible if the third-party providers of this content can detect the user’s IP address, as without
the IP address they could not send the content to the user’s browser. The IP address is thus necessary for the
content to be displayed. We endeavour only to use content from providers that only use the IP address to deliver
the content. Third-party providers may also use pixel tags (invisible graphics also known as web beacons) for
statistical or marketing purposes. Information such as visitor traffic on the pages of this website can be
analysed by the pixel tags. The pseudonymised information can also be stored in cookies on the user’s terminal
device and contain details such as technical information on the browser and the operating system, referring
websites, the time of the visit and other details on the use of our online service, and be linked to such
information from other sources.
YouTube
We use videos from the YouTube platform, which is owned by Google LLC, 1600 Amphitheatre Parkway, Mountain View,
CA 94043, USA.
We have embedded YouTube videos in our online service, which are stored at http://www.YouTube.com and can play
directly from our website. When you visit the website, YouTube receives the information that you have accessed
the relevant subpage of our website. Access data is also transmitted. This takes place regardless of whether or
not you are logged into a user account provided by YouTube. If you are logged in to Google, your data will be
associated directly with your account. If you do not wish this data to be associated with your profile at
YouTube, you have to log out before enabling the button. YouTube stores your data as user profiles and uses it
for the purposes of advertising, market research and/or customised design of its website. Such analysis takes
place particularly (even for users who are not logged in) for the provision of customised advertising and to
inform other users of the social network about your activities on our website. You are entitled to object to the
creation of these user profiles, but you have to contact YouTube to exercise this right.
Additional information on the purpose and scope of the data collection and its processing by YouTube can be found
in YouTube’s privacy policy, where you will also find other information on your rights and the options with
regard to your privacy settings. Google also processes your personal data in the United States and is subject to
the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
Privacy policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated.
Google Maps
Our online service has embedded maps from Google Maps, provided by Google LLC, 1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA. The data processed may include users’ IP addresses and location data, but these
are not collected without their consent (generally arranged through the settings of their mobile devices).
When you visit the website, Google receives the information that you have loaded the relevant subpage of our
website. Access data is also transmitted. This takes place regardless of whether or not you are logged into a
user account provided by Google. If you are logged into Google, your data will be directly associated with your
account. If you do not wish this data to be associated with your profile at Google, you have to log out before
enabling the button. Google stores your data as user profiles and uses it for the purposes of advertising,
market research and/or customised design of its website. Such analysis takes place particularly (even for users
not logged in) for the provision of customised advertising and to inform other users of the social network about
your activities on our website. You are entitled to object to the creation of these user profiles, but you have
to contact Google to exercise this right.
Further information on the purpose and scope of the data collection and its processing by the plugin provider can
be obtained from the provider’s privacy policy, where you will also find other information on your rights in
this respect and the options with regard to your privacy settings.
The legal basis for the processing of your data is Article 6, paragraph 1 (f) of the GDPR. The data may be
processed in the United States. Google is subject to the EU-US Privacy Shield
(https://www.privacyshield.gov/EU-US-Framework).
Privacy policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated.
Amendment of privacy statement
We reserve the right to amend this privacy statement at any time with future effect. The current version is
available on the website. Please visit the website regularly for information about the current privacy
statement.
Contact details
If you have any questions, comments or queries about the collection, processing and use of your personal data by
us, please contact us using the contact details provided.
Michaela Roth
Deutscher Derivate Verband e.V.
Pariser Platz 3
10117 Berlin
Germany
presse@derivateverband.de
The German version of this privacy statement is the governing version and shall prevail whenever there is any
discrepancy between the German version and the English version. The company cannot be held responsible for any
misunderstanding or misinterpretation arising from the convenience translation in the English language.