Data Protection Policy

Data Protection Policy according to the GDPR

Please note our Data Protection Policy, which you can download here as a pdf file:

Data Protection Policy in accordance with the GDPR 2024 (PDF-Download)

1. Name and address of the controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other provisions of data protection law, is:
artop GmbH
Christburger Str. 41
10405 Berlin
Germany
Tel.: +49 30 44 01 29 90
email: kontakt@artop.de
Website: www.artop.de


2. Name and address of the data protection officer

The controller’s data protection officer is:

Type: external data protection officer
Company: mip Consult GmbH
Last name: Thomas
First name: Cindy
e-mail: c.thomas@mip-consult.de
Phone: 49-(0)30-20 88 999 - 46
Fax: 49-(0)30-20 88 999 - 88
Date of the order: 01.02.2024


3. General matters concerning data processing

3.1 Scope of the processing of personal data
In general, we process the personal data of our users only if this is necessary in order to provide a functioning website and our content and services or in order to optimise the technical functionality of our website (redirecting from old pages to new pages). We normally process the personal data of our
Data Protection Policy in accordance with the GDPR 2 of 14
users only with their consent. An exception exists in cases where it is not possible for practical reasons to obtain advance consent and the processing of the data is permitted by statutory provisions.

3.2 Legal basis for the processing of personal data
To the extent that we obtain consent from the data subject for processing operations involving personal data, the legal basis is Article 6(1)(a) GDPR.
Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, the legal basis is Article 6(1)(b) GDPR. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract.
Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is Article 6(1)(c) GDPR
In the event that the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis is Article 6(1)(d) GDPR.
If processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for processing is Article 6(1)(f) GDPR.

3.3 Data erasure and period of storage
The data subject’s personal data are erased or blocked once the purpose for storage ends. In addition, personal data may be stored if this was provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data are blocked or erased only if a storage period prescribed by the aforementioned legal norms has expired, unless it is necessary to continue to store the date for the conclusion or performance of a contract.


4. Provision of the website and creation of log files

4.1 Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system wordpress of the accessing computer.
In the process, the following data are collected:
(1) information about the browser type and the version being used
(2) the user’s operating system
(3) the user’s internet service provider
(4) the user’s IP address
(5) date and time of access
(6) websites from which the user’s system reached our website
(7) websites from are accessed by the user’s system from our website
The data are likewise stored in our system’s log files. They do not include the user’s IP addresses or other data that enable the data to be attributed to a user. These data are not stored together with other personal data of the user.
Data Protection Policy in accordance with the GDPR 3 of 14

We do not use cookies for analysis purposes when visiting our website.

4.2 Legal basis for data processing
The legal basis for the temporary storage of the data is Article 6(1)(f) GDPR.

4.3 Purpose of data processing
The temporary storage of the IP address by the system is necessary in order to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
These purposes also constitute our legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.

4.4 Period of storage
The data are erased once they are no longer needed for achieving the purpose of their collection. Where data are collected for the purpose of providing the website, this is the case when the relevant session has ended.

4.5 Option to object and remove
The collection of data for the purpose of providing the website and the storage of data in log files are essential for the operation of the website. Therefore, the user has no option to object.


5. Use of cookies

5.1 Description and scope of data processing
This website uses cookies. Cookies are text files that are stored in or by the web browser on the user’s computer system. Thus, if a user accesses a website, a cookie may be stored on the user’s operating system. This cookie consists of a series of characters that make it possible to unambiguously identify the browser when the website is accessed again.

The data of users collected in this manner are pseudonymised through technical measures. Therefore, it is no longer possible to attribute the data to the accessing user. The data are not stored together with other personal data of users.
When accessing our website, users are notified by an info banner about the use of cookies for analysis purposes and are referred to this Data Protection Policy.

5.2 Legal basis for data processing
The legal basis for the processing of personal data using cookies is Article 6(1)(f) GDPR.
Data Protection Policy in accordance with the GDPR 4 of 14

5.3 Purpose of data processing
The purpose for using technically necessary cookies is to simplify the use of websites for users. Some features of our website are not able to be offered without the use of cookies. For them, the browser needs to be recognised also after switching pages.
We require cookies for the following applications:
(1) confirmation of consent to the use of cookies
The user data collected through technically necessary cookies are not used to create user profiles.

5.4 Period of storage, option to object and remove
Cookies are stored on the user’s computer and transmitted by it to our website. Therefore, as user, you have full control over the use of cookies. By changing the settings in your web browser, you can deactivate or limit the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also take place automatically. If cookies are deactivated for our website, all features of the website may be unable to be used to their full extent.


6. Newsletter

6.1 Description and scope of data processing
On our website, it is possible to subscribe to a free newsletter. When subscribing to the newsletter, the data in the entry fields “last name”, “first name”, and “email address” are transmitted to CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede, Germany.
In addition, the following data are collected when subscribing:
(1) date and time of registration
When subscribing, your consent is obtained to the processing of the data, and reference is made to this Data Protection Policy.

6.2 Legal basis for data processing
The legal basis for the processing of data after the user subscribes to the newsletter is, provided that the user has consented, Article 6(1)(a) GDPR.

6.3 Purpose of data processing
The collection of the user’s email address serves the purpose of sending the newsletter.
The collection of other personal data when subscribing serves the purpose of preventing misuse of the services or the utilised email address.

6.4 Period of storage
The data are erased once they are no longer needed for achieving the purpose of their collection. Accordingly, the user’s email address is stored for as long as the newsletter subscription is active.
Data Protection Policy in accordance with the GDPR 5 of 14
In most cases, the other personal data that are collected on the artop website when subscribing are erased without delay.

6.5 Option to object and remove
The relevant user may cancel the subscription to the newsletter at any time. Each newsletter contains a corresponding link for the purpose.
The consent to the storage of personal data that are collected when subscribing can likewise be withdrawn at that time.

7. Privacy Policy Google Maps
The operator uses the Google Maps API to visually display geographic information. When using Google Maps, Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, California, 94043) also collects, processes and uses data on the use of the Maps functions by visitors to the website. Further information about data processing by Google can be found in Google's data protection information, which can be accessed at https://policies.google.com/privacy?hl=de.

8. YouTube video integration

We have integrated YouTube videos into our online offering, which are stored at https://www.youtube.com/ and can be played directly from our website. These are all embedded in "enhanced privacy mode", which means that no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in the following paragraph be transferred. We have no influence on this data transfer.

By visiting the website, YouTube receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned in the creation of log files of this declaration will be transmitted. This happens regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you don't want the association with your YouTube profile, you must log out before activating the video. YouTube stores your data as user profiles and uses them for the purpose of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide advertising tailored to your needs and to inform other users of the social network about your activities on our website.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in Google's privacy policy. There you will also find further information about your rights and setting options to protect your privacy: https://policies.google.com/privacy?hl=de

Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework


9. Data protection policy for the use of Xing

Our website uses features of the network XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages is accessed that contains XING features, a connection is established to XING servers. To our knowledge, personal data are not stored when this occurs. In particular, IP addresses are not stored, and usage behaviour is not analysed.
You can find additional information about data protection and the Xing share button at https://www.xing.com/app/share?op=data_protection
Objection to advertising email
Data Protection Policy in accordance with the GDPR 6 of 14
We hereby object to the use of contact data published in connection with the imprint duty for the purpose of sending advertising and informational materials that were not expressly requested. The operator of the sites expressly reserves the ability to take legal action in the event of the unrequested sending of advertising information, such as through spam email.
Information, erasure, blocking
You at all times have the free right to information about the personal data stored about you, their source and recipients, and the purpose of data processing, as well as a right to the rectification, blockage, or erasure of these data. You may contact us at any time about this or with other questions at the address indicated in the imprint.

 

10. Data protection policy for the use of LinkedIn
Our website uses features of the LinkedIn network. Provider is: LinkedIn Ireland Unlimited Company, Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland. Each time you access one of our pages that contains LinkedIn features, a connection is made to LinkedIn servers. To the best of our knowledge, no personal data is stored. In particular, no IP addresses are stored or the usage behaviour is evaluated.

Further information on data protection and the LinkedIn Share-Button can be found in the LinkedIn privacy policy at: https://www.linkedin.com/legal/privacy-policy?_l=de_DE

11. Responsibility for (hyper-) links

Some of our Internet pages contain links or connections to other Internet pages. These direct links are checked by us with reasonable care. We are not responsible for the contents of Internet pages to which we link. Furthermore, we are not responsible for the contents of internet sites that refer to us.

12. Server log files

The provider of the sites collects and automatically stores information in so-called server log files, which your browser automatically transmits to us. This consists of:
(1) browser type/browser version
(2) the operating system being used
(3) referrer URL
(4) host name of the accessing computer
(5) time of day of the server request
(6) IP address is not stored
These data cannot be attributed to specific persons. These data are not combined with other data sources. We reserve the ability to retrospectively review these data if we become aware of specific indications of unlawful use.


13. Registering for a training session or an open seminar

13.1 Description and scope of data processing
On our website, we offer users the ability to register for a training session or an open seminar by providing personal data. In this regard, the data are entered in an entry field and transmitted to us and stored. The data are not disclosed to third parties. The following data are collected in connection with the registration process:
(1) salutation, title, first name, last name
(2) postal address
(3) email address
(4) phone number (landline and/or mobile phone)
(5) where applicable, CV, application documents, references, and certificates
(6) motivation for registering
(7) where applicable, current job and employer
(8) where applicable, date and place of birth
In addition, the following data are stored at the time of registration:
Data Protection Policy in accordance with the GDPR 7 of 14
(1) date and time of registration
The user’s consent to the processing of these data is obtained in connection with the registration process.

13.2 Legal basis for data processing
The legal basis for the processing of data is, provided that the user has consented, Article 6(1)(a) GDPR.

13.3 Purpose of data processing
Registration by the user is necessary for the performance of a contract with the user or in order to take steps prior to entering into a contract.
In the case of taking steps prior to entering into a contract or performing a contract, these data are primarily collected for correspondence. Personal data are collected
(1) in order to be able to identify you as a customer;
(2) in order to be able to reasonable advise you;
(3) for the purpose of corresponding with you;
(4) in order to be able to fulfil pre-contractual and contractual duties owed to you;
(5) in order to be able to meet our statutory obligations;
(6) for the purpose of invoicing and, where necessary, in connection with dunning;
(7) for purposes of permissible direct marketing;
(8) for the purpose of asserting possible claims against you.

13.4 Period of storage
The data are erased once they are no longer needed for achieving the purpose of their collection.
This is the case for the during the registration process for the performance of a contract or in order to take steps prior to entering into a contract where the data are no longer necessary for performance of the contract. The contracting partner’s personal data may also need to be stored after conclusion of the contract in order to meet contractual or statutory obligations.
The processing of personal data occurs when you enquire with us and is necessary for the aforementioned purposes for handling your order and for fulfilling obligations in connection with the underlying contract.
The collected personal data are stored until expiry of the statutory retention period for merchants (6, 8, or 10 years after the end of the calendar year in which the contractual relationship was terminated) and then erased. By way of exception, this does not apply if we are obligated because of retention duties under tax law or commercial law (pursuant to the German Commercial Code (HGB), the German Criminal Code (StGB), or the German Fiscal Code (AO)) to store them for a longer period of time or if you consented to storage for a longer period of time.

13.5 Option to object and remove
As user, you at all times have the option to cancel the registration. You can at any time have the data stored about you modified.
Data Protection Policy in accordance with the GDPR 8 of 14
Your rights as data subject
As the subject of data processing, you have the following rights:
(1) Right to withdraw: You can withdraw consent you have granted at any time. Data processing based on the withdrawn consent may henceforth no longer be continued.
(2) Right to information: You can obtain information about your personal data processed by us. This applies, in particular, to the purposes of data processing, the categories of personal data, where applicable the categories of recipient, the period of storage, where applicable the origin of your data, and where applicable the existence of automated decision-making, including profiling and where applicable meaningful information about its details.
(3) Right to rectification: You can obtain the rectification of inaccurate personal data stored by us or, where they are incomplete, their completion.
(4) Right to erasure: You can obtain the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
(5) Right to restriction of processing: You can obtain the restriction of the processing of your personal data where you contest the accuracy of the personal data, the processing is unlawful but you oppose their erasure. In addition, you have this right where we no longer need the data but you require them for the establishment, exercise or defence of legal claims. Furthermore, you have this right where you have objected to the processing of your personal data.
(6) Right to data portability: You can request that we transmit to you your personal data that you provided to a us in a structured, commonly used and machine-readable format. Alternatively, you can obtain the direct transmission of the personal data provided by you to us to another controller, insofar as this is possible.
(7) Right to lodge a complaint: You can lodge a complaint with the supervisory authority competent for us, e.g. if you believe that we have processed your data in an unlawful manner. The authority competent for us is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, tel.: +49 3013889-0, email: mailbox@datenschutz-berlin.de.
If the data are necessary in order to perform a contract or to take steps prior to entering into a contract, premature erasure of the data is possible only if erasure is not prevented by contractual or legal obligations.


14. Contact form and email contact

14.1 Description and scope of data processing
Our website contains a contact form that can be used for making electronic contact. If a user exercises this ability, the data entered in the entry field are transmitted to us and stored. These data include:
(1) salutation, title, first name, last name
(2) email address
(3) phone number (landline and/or mobile phone)
Data Protection Policy in accordance with the GDPR 9 of 14
When the message is sent, the following data are also stored:
(1) date and time of registration
During the sending process, your consent is obtained to the processing of the data, and reference is made to this Data Protection Policy.
Alternatively, contact may be made using the provided email address. In that case, the user’s personal data transmitted with the email are stored.
The data are not disclosed to third parties in this regard. The data are used solely for processing the conversation.

14.2 Legal basis for data processing
The legal basis for the processing of data is, provided that the user has consented, Article 6(1)(a) GDPR.
The legal basis for the processing of data that are transmitted in the course of sending an email is Article 6(1)(f) GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.

14.3 Purpose of data processing
The processing of personal data from the entry field serves only to enable us to process the contacting. In the case of contact made by email, this also constitutes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to guarantee the security of our information technology systems.

14.4 Period of storage
The data are erased once they are no longer needed for achieving the purpose of their collection. For personal data from the entry field of the contact form and those sent by email, this is then the case where the relevant conversation with the user has ended. The conversion is considered ended when is can be assumed from the circumstances that the relevant matter has been definitively resolved.
The personal data additionally collected during the sending process are erased after seven days, at the latest.

12.5 Option to object and remove
The user may at any time withdraw his or her consent to the processing of personal data. If the user contacts us by email, he or she may object at any time to the storage of his or her personal data. In such case, the conversation may not be continued.
Your rights as data subject
As the subject of data processing, you have the following rights:
Data Protection Policy in accordance with the GDPR 10 of 14
(1) Right to withdraw: You can withdraw consent you have granted at any time. Data processing based on the withdrawn consent may henceforth no longer be continued.
(2) Right to information: You can obtain information about your personal data processed by us. That applies, in particular, to the purposes of data processing, the categories of personal data, where applicable the categories of recipient, the period of storage, where applicable the origin of your data, and where applicable the existence of automated decision-making, including profiling and where applicable meaningful information about its details.
(3) Right to rectification: You can obtain the rectification of inaccurate personal data stored by us or, where they are incomplete, their completion.
(4) Right to erasure: You can obtain the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
(5) Right to restriction of processing: You can obtain the restriction of the processing of your personal data where you contest the accuracy of the personal data, the processing is unlawful but you oppose their erasure. In addition, you have this right where we no longer need the data but you require them for the establishment, exercise or defence of legal claims. Furthermore, you have this right where you have objected to the processing of your personal data.
(6) Right to data portability: You can request that we transmit to you your personal data that you provided to a us in a structured, commonly used and machine-readable format. Alternatively, you can request the direct transmission of the personal data provided by you to us to another controller, insofar as this is possible.
(7) Right to lodge a complaint: You can lodge a complaint with the supervisory authority competent for us, e.g. if you believe that we have processed your data in an unlawful manner. The authority competent for us is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, tel.: +49 3013889-0, email: mailbox@datenschutz-berlin.de.
If the data are necessary in order to perform a contract or to take steps prior to entering into a contract, premature erasure of the data is possible only if erasure is not prevented by contractual or legal obligations.
In such case, all personal data that were stored in the course of contacting are erased.


15. Rights of the data subject

If personal data of yours is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

15.1 Right to information:
You can obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us.
If such processing is taking place, you can request the following information from the controller:
Data Protection Policy in accordance with the GDPR 11 of 14
(1) the purposes for which the personal data are being processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the envisaged period for which the personal data concerning you will be stored, or, if specific information about this is not possible, the criteria used to determine that period;
(5) the existence of the right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information about whether personal data concerning you are transferred to a third country or to an international organisation. In this connection, you can request that you be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
This right to information may be limited if it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the limitation is necessary for the fulfilment of research or statistical purposes.

15.2 Right to rectification
You have the right to rectification and/or completion vis-à-vis the controller where the processed personal data concerning you are inaccurate or incomplete. The controller must carry out the erasure without undue delay.
This right to rectification may be limited if it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the limitation is necessary for the fulfilment of research or statistical purposes.

15.3 Right to restriction of processing
You can obtain restriction of the processing of the personal data concerning you under the following conditions:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
(4) you have objected to processing pursuant to Article 21(1) GDPR and is has not yet been verified whether the legitimate grounds of the controller override your grounds.
Where the processing of personal data concerning you has been restricted, such data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defence
Data Protection Policy in accordance with the GDPR 12 of 14
of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing was restricted under the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
This right to restriction of processing may be limited if it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the limitation is necessary for the fulfilment of research or statistical purposes.

15.4 Right to erasure

15.4.1 Duty to erase
You can obtain from the controller the erasure of personal data concerning you without undue delay, and the controller is obligated to erase such data without undue delay where one of the following grounds applies:
(1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) you withdraw your consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and where there is no other legal ground for the processing.
(3) you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
(4) the personal data concerning you have been unlawfully processed.
(5) the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
12.4.2 Information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

15.4.3 Exceptions
The right to erasure does not exist where the processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to
Data Protection Policy in accordance with the GDPR 13 of 14
in Section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or (5) for the establishment, exercise or defence of legal claims.

15.5 Right to be informed
If you asserted your right to rectification, erasure, or restriction of processing vis-à-vis the controller, it is obligated to communicate this to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about those recipients.

15.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

15.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.
The controller may no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, you also have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you.
Data Protection Policy in accordance with the GDPR 14 of 14
Your right to object may be limited if it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the limitation is necessary for the fulfilment of research or statistical purposes.

15.8 Right to withdraw the declaration of consent required by data protection law
You have the right to withdraw at any time the declaration of consent required by data protection law. The withdrawal of consent does not affect the lawfulness of the processing undertaken on the basis of the consent until withdrawal.

15.9 Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the data controller,
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is based on your explicit consent.
However, such decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.
With respect to the cases referred to in (1) and (3), the data controller must implement suitable measures to safeguard your rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

15.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint was lodged must inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Contact

Please contact us at any time if you would like to find out what personal data we store about you or if you would like to have it corrected or deleted. If you wish to exercise your rights, in particular the right of revocation or objection, it is sufficient to send us an informal message or an e-mail:

artop GmbH
Christburger Str. 41
10405 Berlin
Germany
e-mail: kontakt@artop.de

Actuality and change of this privacy policy

This privacy policy is currently valid and has the status February 2024.
It may become necessary to amend this data protection declaration as a result of the further development of our website and offers above or due to changes in legal or official requirements.
You can access and print out the current data protection declaration at any time on the website at Data Protection Policy in accordance with the GDPR 2024 (PDF-Download).

This website uses functions of the web analytics service Google Analytics. Provider is the Google Inc. 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". By activating the following link you can deactivate these functions:

Disable Google Analytics cookies

We point out, however, that in this case you may not be able to use all the functions of this website in full. For more information, see Section 7. Privacy Policy for Using Google Analytics in our Privacy Policy.