Preliminaries

In the following data protection declaration we inform you according to the legal requirements – in particular the European data protection basic regulation (GDPR, full text visible under the URL https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679) – about the processing of personal data by the provider of this website.

Scope of application

This privacy policy applies to the following offers:

– our online presence “Dr. Dr. Jörn Lengsfeld”, available under the Internet domain https://joernlengsfeld.com .

All of these services are collectively referred to as “Services”.

Name and address of the responsible person

The person responsible in terms of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations:


Dr. oec. HSG Dr. phil.
Jörn Lengsfeld
lic. oec. HSG


Frauenbergstraße 33
88339 Bad Waldsee
Baden-Wuerttemberg, Federal Republic of Germany, Europe


Telephone: +49 (0) 7524 5092975
E-Mail: impressum@joernlengsfeld.com
Website: joernlengsfeld.com

General information on data processing

1. Scope of the processing of personal data

In principle, we process personal data of our users only insofar as this is necessary to provide a functional website as well as to provide our contents and services.

The processing of personal data of our users takes place regularly only after receipt of a consent of the user.

An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

In the case where we seek to obtain the data subject’s consent for the processing of personal data, Article 6 Paragraphe 1 (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data necessary for the performance of a contract to which the data subject is a party, the legal basis shall be Article 6 Paragraphe 1 (b) of the EU General Data Protection Regulation (GDPR).

This also applies to data processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which the responsible person is subject, Article 6 paragraph 1 (c) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

If processing is necessary to protect a legitimate interest of us or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first mentioned interest, Artiel 6 paragraph 1 (f) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing.

3. Data erasure and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply.

The personal data may be stored and processed for a longer time if this has been stipulated by European or national legislators in EU regulations and in laws, regulations or other provisions to which the responsible person is subject.

The continuous processing and storage is permitted by law insofar as it is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims.

This is the case, for example, insofar as a law, regulation or other legal provision imposes documentation or storage obligations, for example such as those prescribed by the German Commercial Code (Handelsgesetzbuch), German Tax Code (Steuergesetzbuch) or German Tax Regulations (Abgabenordnung).

The personal data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Insofar as you have consented to further storage in accordance with Article 6, paragraphe1, first subparagraph, point (a) of the European Data Protection Basic Regulation (DSGVO), longer storage may take place for the duration agreed with you.

4. Disclosure of personal data

We only transfer personal data to third parties on the basis of the applicable legal regulations or if you have given your consent in individual cases.
You can revoke your consent to the transfer of your personal data at any time with effect for the future.

Within the scope of the purposes mentioned here personal data can be passed on to external service providers within and outside the European Union (EU), which are active for us and support us in particular with the provision of our services.

In particular for certain technical processes of the data processing (like for example webhosting or e-mail server hosting) we can make use of the support of external service providers who are beeing granted access to certain personal data in order to provide these services.

These service providers are subject to the legal obligation to comply with all data protection regulations. In addition, these service providers are bound by us to further contractual specifications on data protection. For this purpose, a contract is concluded in accordance with Article 28 paragraph 3 of the EU General Data Protection Regulation (GDPR) and the service provider is contracted as a ‘processor’ in terms of the Regulation.

The contractors are bound to secrecy by us and only process personal data in accordance with our instructions.

Except as explained in this Privacy Policy, we will only disclose your personal data to third parties without your express consent if we are required to do so by law, regulation or other legal provision or by official or court order.

5. Data Transmission

We use the Secure Socket Layer (SSL) coding system to provide our website.
However, we expressly point out that data transmission over the Internet (for example, when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties may not be possible in all cases.

6. External links (links to websites of third parties)

This website may contain links to external websites which are not subject to this data protection declaration. We are not responsible for the privacy practices of third party websites to which we link. We encourage you to familiarize yourself with the privacy policies of such websites before submitting any information to them.

Provision of the website and creation of log files

1. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
Date and time of access

In addition, the following information of the accessing computer system:
Internet protocol address used (IP address),

Browser type and version,
device type
operating system
and similar technical information.

The data is also stored in the log files of our system.

2. Legal basis for the processing of personal data

The legal basis for the temporary storage of data and log files is Article 6 Paragraph 1 (f) of the EU General Data Protection Regulation (GDPR).

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer.
For this the IP address of the user must remain stored for the duration of the session.

The data is stored in log files in order to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Article 6 paragraph 1 (f) of the EU General Data Protection Regulation (GDPR).

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
With regard to the collection of data necessary for the delivery of the website, this is the case at the end of the respective session.
With regard to the data stored in log files, this is the case after one day at the latest.
A longer period of storage is possible. In this case, the IP addresses of the users are deleted or anonymized, so that an assignment of the accessing client is no longer possible.

5. Right of objection and removal

The collection of data for the delivery of the website and the storage of data in log files is absolutely necessary for the operation of the website.
Consequently, there is no possibility of objection on the part of the user.

Contact via e-mail

1. Description and scope of data processing

You can contact us via the e-mail addresses provided on the website. In this case, the user’s personal data transmitted by e-mail will be stored.
In this respect, the data will not be passed on to third parties.
The data is used exclusively for processing the conversation.

2. Legal basis for data processing

If the user’s consent is obtained, the legal basis for the data processing is Article 6 Paragraphe 1 (a) of the EU General Data Protection Regulation (GDPR).

The legal basis for the processing of data transmitted by e-mail is Article 6 Paragraphe 1 (f) of the EU General Data Protection Regulation (GDPR).

If the establishment of contact by means of contact form or by e-mail aims at the performance of pre-contractual measures which take place at your request or, if a contractual relationship already exists, for the performance of the contract, the legal basis for this data processing is Article 6 Paragraphe 1 (b) of the EU General Data Protection Regulation (GDPR).

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which the responsible person is subject, Article 6 paragraph 1 (c) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

3. Purpose of data processing

The processing of the personal data from the input mask serves us solely for the processing of the inquiry as well as for the case that follow-up questions arise.

A processing of the personal data transmitted by you is necessary for the purpose of processing your request.

The processing of personal data from a contact by e-mail serves us solely for the processing of the inquiry as well as for the case that follow-up questions arise.

In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

If the establishment of contact by means of contact form or by e-mail aims at the performance of pre-contractual measures which take place at your request, or, if a contractual relationship already exists, the inquiry takes place in connection with the execution of the contract, then this is the purpose of the data processing.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

With regard to the personal data from the input mask of the contact form and those sent by e-mail, this is – if there is no connection to the performance of pre-contractual measures or an existing contractual relationship – the case when the respective conversation with the user has ended.

The conversation is terminated when it can be inferred from the circumstances that the matter in question has been finally resolved.

The personal data may be stored for a longer time if this has been stipulated by European or national legislators in EU regulations and in laws, regulations or other provisions to which the responsible person is subject.

The continuous processing and storage is permitted by law insofar as it is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims.
This is the case, for example, insofar as a law, regulation or other legal provision imposes documentation or storage obligations, for example such as those prescribed by the German Commercial Code (Handelsgesetzbuch), German Tax Code (Steuergesetzbuch) or German Tax Regulations (Abgabenordnung).

The personal data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Insofar as you have consented to further storage in accordance with Article 6, paragraphe1, first subparagraph, point (a) of the European Data Protection Basic Regulation (DSGVO), longer storage may take place for the duration agreed with you.

5. Right of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time.

If the user contacts us by e-mail, he can object to the storage of his personal data at any time.

In this event, the conversation cannot be continued.

All personal data stored in the course of the communication established by the user‘s contact attempt will be deleted in this event, except in the case where continuous processing and storage is provided for by law to fulfil a legal obligation or to assert, exercise or defend legal claims.

Contact via mail letter

1. Description and scope of data processing

If you write a letter to us, the document, the data transmitted by you (for example: surname, first name, address) and the information contained in the letter (if applicable the personal data transmitted by you) will be processed, archived and, if applicable, stored for the purpose of establishing contact and processing your request.

2. Legal basis for data processing

The legal basis for processing users’ personal data is Article 6 paragraph 1 (f) of the EU General Data Protection Regulation (GDPR).

If the contact initiated by you via letter aims at the implementation of pre-contractual measures or is connected with a contract to which the data subject is a party, Article 6 paragraph 1 (b) of the the EU General Data Protection Regulation (GDPR) serves as the legal basis.

3. Purpose of data processing

The processing of personal data from a contact by letter serves us solely for the processing of the inquiry as well as for the case that follow-up questions arise.

In the event of contact by letter, this also constitutes the necessary legitimate interest in the processing of the data.

If the establishment of contact by letter aims at the performance of pre-contractual measures which take place at your request, or, if a contractual relationship already exists, the inquiry takes place in connection with the execution of the contract, then this is the purpose of the data processing.

4. Duration of storage

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply.

The personal data may be stored and processed for a longer time if this has been stipulated by European or national legislators in EU regulations and in laws, regulations or other provisions to which the responsible person is subject.

The continuous processing and storage is permitted by law insofar as it is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims.

This is the case, for example, insofar as a law, regulation or other legal provision imposes documentation or storage obligations, for example such as those prescribed by the German Commercial Code (Handelsgesetzbuch), German Tax Code (Steuergesetzbuch) or German Tax Regulations (Abgabenordnung).

The personal data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Insofar as you have consented to further storage in accordance with Article 6, paragraphe1, first subparagraph, point (a) of the European Data Protection Basic Regulation (DSGVO), longer storage may take place for the duration agreed with you.

5. Right of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time.
If the user contacts us by letter, he can object to the storage of his personal data at any time.
In this event, the conversation cannot be continued.

All personal data stored in the course of the communication established by the user‘s contact attempt will be deleted in this event, except in the case where continuous processing and storage is provided for by law to fulfil a legal obligation or to assert, exercise or defend legal claims.

Web analysis by Matomo (formerly PIWIK)

1. Description and scope of data processing

On our website we use the open source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our user.

If individual pages of our website are accessed, the following data is stored:
(1) Two bytes of the IP address of the user’s accessing system
(2) The accessed website
(3) The website from which the user has accessed the accessed website (referrer)
(4) The sub-pages accessed from the accessed website
(5) The time spent on the website
(6) The frequency with which the website is accessed.
(7) Some Informations of the accessing computersystem (browser type, browser version, type of device, operating system, screen resolution)
(8) The date and time of the access
(9) The presumed location (particularly the country) form which the access takes palce, whereby the assumption is based on the collected data

The software runs exclusively on the servers of our website.
The personal data of users is only stored there.

2. Legal basis for data processing

The legal basis for processing users’ personal data is Article 6 paragraph 1 (f) of the EU General Data Protection Regulation (GDPR).

3. Purpose of data processing

The processing of the personal data of the users enables us to analyse the surfing behaviour of our users.

By analysing the collected data, we are able to compile information about the use of the individual components of our website.

This helps us to continuously improve our website and its user-friendliness.

These purposes also constitute our legitimate interest in the processing of the data in accordance with Article 6 paragraph 1 (f) of the EU General Data Protection Regulation (GDPR).

By anonymizing the IP address, users’ interest in protecting their personal data is sufficiently taken into account.

4. Duration of storage

The data will be deleted as soon as they are no longer needed for our recording purposes.
In our case, this is the case after 12 months .

5. Right of objection and removal

If you also disagree with a completely anonymous storage and evaluation of this data from your visit, you can object to its storage and use at any time by clicking on the opt-out link.

We offer our users on our website the possibility of an opt-out from the analysis procedure.
To do this, you must follow the corresponding link.

In this way, another cookie, an opt-out cookie, is placed on your system, which signals to our system not to store the user’s data.

If the user deletes the opt-out cookie, from his own system in the meantime, he must set the opt-out cookie again.

Contractual relationships

1. Description and scope of data processing

We process personal data for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.

For the initiation, establishment and implementation of such a contractual relationship, the provision of personal data of the contracting parties is required. If you do not provide your personal data, it may not be possible to establish and implement the contractual relationship.
Relevant personal data of the contractual partner can be:
– Salutation, first name, surname, title, profession, position,
– Address,
– Telephone number (landline and/or mobile)
– E-mail address,
– Account numbers and/or credit card numbers.

During the performance of the contract (for example in e-mails, letters, invoices or payment transactions) further data (typical for the type of contract) may accumulate, without which performance of the contract would be impossible.

2. Legal basis for data processing

The legal basis for the processing of personal data is Article 6 Paragraphe 1 (b) of the EU General Data Protection Regulation (GDPR).

In the case where we seek to obtain the data subject’s consent for the processing of personal data, Article 6 Paragraphe 1 (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which the responsible person is subject, Article 6 paragraph 1 (c) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

3. Purpose of data processing

The processing of data is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.

4. Duration of storage

The personal data collected in the course of the performance of pre-contractual measures or the performance of a contractual relationship will be stored for the duration of the pre-contractual measures or the contractual relationship and subsequently deleted, unless at least one of the following conditions is fulfilled, which makes longer storage necessary.

The personal data may be stored for a longer time if this has been stipulated by European or national legislators in EU regulations and in laws, regulations or other provisions to which the responsible person is subject.

The personal data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Insofar as you have consented to further storage in accordance with Article 6, paragraphe1, first subparagraph, point (a) of the European Data Protection Basic Regulation (DSGVO), longer storage may take place for the duration agreed with you.

5. Right of objection and removal

If you do not provide your personal data, the performance of pre-contractual measures and the establishment and performance of the contractual relationship may not be possible.

Consent given to the processing of personal data can be revoked at any time. The revocation is only effective for the future.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which the data controller is subject (such as statutory documentation and storage obligations) or to assert, exercise or defend legal claims, there is no possibility of objection on the part of the data subject.

Rights of the data subject

If personal data concerning your person are processed, you are affected in the sense of the EU General Data Protection Regulation (GDPR) and you are entitled to the following rights vis-à-vis the person responsible:

– Right of access by the data subject (Article 15 GDPR)
– Right to rectification (Article 16 GDPR)
– Right to erasure (‘right to be forgotten’) (Article 17 GDPR)
– Right to restriction of processing (Article 18 GDPR)
– Right to object (Article 21 GDPR)
– Right to data portability (Article 20 DSGVO)
– Right for Notification (Article 19 GDPR)
– Right to revoke the declaration of consent (Article 13 GDPR)

The restrictions according to § 34 and § 35 of the German Federal Data Protection Act („Bundesdatenschutzgesetz“ BDSG) apply to the right of access by the data subject and the right to erasure (‘right to be forgotten’).

Furthermore it exists the right to lodge a complaint with a supervisory authority (Article 77 GDPR in conjunction with § 19 Bundesdatenschutzgesetz BDSG).

Right of access by the data subject (Article 15 GDPR)

1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

Right to rectification (Article 16 GDPR)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (‘right to be forgotten’) (Article 17 GDPR)

1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
(a) for exercising the right of freedom of expression and information;
(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(e) for the establishment, exercise or defence of legal claims.

Right to restriction of processing (Article 18 GDPR)

1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

Right for Notification (Article 19 GDPR)

(Notification obligation regarding rectification or erasure of personal data or restriction of processing)

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The controller shall inform the data subject about those recipients if the data subject requests it.

Right to data portability (Article 20 DSGVO)

1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
(b) the processing is carried out by automated means.
2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

Right to object (Article 21 GDPR)

1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

Right to revoke the declaration of consent (Article 13 GDPR)

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

Automated individual decision-making, including profiling (Article 22 GDPR)

1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
2. Paragraph 1 shall not apply if the decision:
(a) is necessary for entering into, or performance of, a contract between the data subject and a data controller;
(b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
(c) is based on the data subject’s explicit consent.
3. In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
4. Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

1. Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
2. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.

Disclosure / Passing of personal data

We only transfer personal data to third parties on the basis of the applicable legal regulations or if you have given your consent in individual cases.

You can revoke your consent to the transfer of your personal data at any time with effect for the future.

Within the scope of the purposes mentioned here personal data are passed on to external service providers within and outside the European Union (EU), which are active for us and support us in particular with the provision of our services.

In particular for certain technical processes of the data processing, like for example webhosting or e-mail server hosting, we make use of the support of external service providers who are beeing granted access to certain personal data in order to provide these services.

These service providers are subject to the legal obligation to comply with all data protection regulations. In addition, these service providers are bound by us to further contractual specifications on data protection. For this purpose, a contract is concluded in accordance with Article 28 paragraph 3 of the EU General Data Protection Regulation (GDPR) and the service provider is contracted as a ‘processor’ in terms of the Regulation.

The contractors are bound to secrecy by us and only process personal data in accordance with our instructions.

Except as explained in this Privacy Policy, we will only disclose your personal data to third parties without your express consent if we are required to do so by law, regulation or other legal provision or by official or court order.

Status of the data protection declaration

This data protection declaration is currently valid and has the status as of August 2018.

Due to the further development of our website e or due to changed legal or official requirements, it may become necessary to change this data protection declaration.

The data protection declaration can be changed at any time.

You can call up and print out the current data protection declaration at any time on the website under www.joernlengsfeld.com/en/privacy-policy