Privacy Policy

Data Privacy Statement (Website) of Fidlock GmbH in accordance with the Provisions of the GDPR

Protecting your privacy is important to us. We therefore invite you to carefully read the following summary of how our websites www.fidlock.com and other websites, such as FIDLOCK Talks, work. The Data Protection Declaration detailed here corresponds to the guidelines of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). It is intended to provide information about the type, purpose and use of personal data by the website operator FIDLOCK GmbH. However, irrespective of how our websites feature a variety of security measures, complete protection of your data cannot be guaranteed, since it is not possible to completely exclude security flaws on the internet. If you have any concerns regarding the collection of your data, you will find the relevant contact details under Point I.

I. Name and address of the data controller

The data controller within the meaning of the GDPR and other national

data protection laws of the member states, as well as other data protection regulations, is:

FIDLOCK GmbH, Kirchhorster Straße 39, 30659 Hanover Tel.: +49 511 961 593 10 (components) / +49 511 961 593 50 (End customer products), Fax: +49 511 961 593 29 Email: info@fidlock.com (components) / info@fidlock-bike.com (End customer products), Web: www.fidlock.com

In case of questions, information requests, applications, complaints or criticism regarding our data protection, you can contact the data controller named here.

II. Name and address of the Data Protection Officer

Proper implementation of data protection requires the oversight of an external Data Protection Officer. You may also contact them directly with any concerns regarding the processing of your personal data.

The Data Protection Officer of the data controller is:
Mr. Christopher Lenz, employed by backoffice360 GmbH, Gustav-Adolf-Straße 30, 30167 Hanover
Tel.: +49 511 1247 220 , Email: cl@backoffice360.de

III. General Information on Data Processing

1. Scope of Processing of Personal Data

In principle, we only process the personal data of our users to the extent that this is necessary to provide a functional website as well as our content and services. The personal data of our users are processed regularly subject to the consent of the user. An exception applies in such cases in which it is not possible to obtain prior consent for material reasons and the respective data processing is permitted or mandatory under law. We only use your personal data within our company. If personal data is disclosed to service providers as part of commissioned data processing, we shall oblige them to comply with the GDPR and the BDSG. We only disclose your data to agencies entitled to receive said information, if we are obliged to do so under law or by court order.

2. Legal Bases for the Processing of Personal Data

Legal basis of data processing:

  • Art. 6 para. 1 lit. a) GDPR: Obtaining consent from the data subject
  • Art. 6 para. 1 lit. b) GDPR: Data processing for the fulfilment of a contract to which the data subject is party or for the implementation of pre-contractual measures
  • Art. 6 para. 1 lit. c) GDPR: Data processing to fulfil a legal obligation to which the data controller is subject
  • Art. 6 para. 1 lit. d) GDPR: Data processing to protect the vital interests of the data subject or another natural person
  • Art. 6 para. 1 it. f) GDPR: Data processing to protect the legitimate interests of the data controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail

3. Data Erasure and Duration of Retention 

The personal data of the data subject will be erased or frozen as soon as the purpose of retention no longer applies. Data may also be retained if this is provided for by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. The data will also be frozen or erased if a retention period prescribed by the standards mentioned expires, unless there is a need for further retention of the data for the conclusion or fulfilment of a contract.

4. Employees’ Obligation to Data Protection 

The employees of FIDLOCK GmbH are contractually obliged ensure data protection. 

IV. Data Processing in Connection With Use of Our Online Shop 

1. Description and Scope of Data Processing 
a. Order process 

Should you make a purchase in our online shop, we process the following personal data from you to be able to process your order: 

  • Order number 
  • Last name, first name, 
  • Address (billing and delivery address) 
  • Country 
  • Email address 
  • Phone number 
  • Payment details 
  • Text supplied by the user in the space provided 
As part of the order process, your consent to the processing of this data will be obtained. 

b. Credit check 

In order to prevent abusive behaviour, we reserve the right to send your data to credit agencies to perform a credit check. Our intention in this cases is to obtain creditworthiness-relevant information about your previous payment behaviour, information on assessing the risk of non-payment based on mathematical-statistical methods using address data (scoring) and data to verify your address (check for deliverability). We work together with heidelpay GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany. The legal basis for the credit check is Art. 6 para. 1 lit. f) GDPR. 

The following components of your data will be sent to the credit agency: 

  • First name, last Name 
  • Address (billing and delivery address) 
  • Country 

To the extent permitted by law, we disclose your data to our partner companies who support us in the proper fulfilment of the contract. For their part, these companies are obliged to comply with the applicable data protection regulations, in particular, these companies may only process the data to fulfil their tasks on our behalf and only according to our instructions. 

2. Legal Basis for Data Processing 

The legal basis for the processing and storage of personal data through the use of our online shop is Art. 6 para. 1 lit. b) GDPR. 

3. Purpose of Data Processing Personal 

data is collected, processed and stored in order to identify you as our customer, to process, fulfil and process your order, for correspondence with you, for invoicing, for the processing of any liability claims, to safeguard the technical administration of our website and to manage our customer data. 

4. Duration of Retention 

The personal data collected by us for processing your order will be retained until the end of the statutory retention period and then deleted, unless you have consented to further retention in accordance with Art. 6 para. 1 no. 1 lit. a) GDPR. 

5. Option to Object and Remove 

The collection, processing and retention of personal data is crucial for operation of the online shop. Consequently, there is no option to object on the part of the user. 

V. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing 

Each time our website is accessed, our system automatically collects data and information from the computer system of the computer accessing it. The following data is collected:  

  • Information about the browser type and version used 
  • The user’s operating system 
  • The user’s internet service provider 
  • The IP address of the user 
  • Date and time of access 
  • Websites from which the user’s system accesses our website 
  • Websites accessed by the user’s system through our website 

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. 

2. Legal Basis for Data Processing 
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f) GDPR. 
3. Purpose of Data Processing 
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must be retained for the duration of the session. In this case, log files are used for storage to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. Evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR also lies in these purposes. 
4. Duration of Retention 
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Retention beyond this may occur. In this case, the IP addresses of the users are deleted or obscured so that it is no longer possible to associate them with the access client. 
5. Option to Object and Remove
Collection of the data for the provision of the website and the retention of the data in log files is absolutely necessary for operation of the website. Consequently, there is no option to object on the part of the user. 

VI. Use of Cookies 

1. Description and Scope of Data Processing 
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies: 
  • Language settings 
  • Login Information 
  • Screen resolution 
2. Legal Basis for Data Processing 
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f) GDPR. 
3. Purpose of Data Processing 
The purpose of using technically-required cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognised even after a page change. We need cookies for the following applications: 
  • Language settings 
  • Login Information 
  • Screen resolution 
  • Cookie-Accept (Notification Banner)
The user data collected by technically-required cookies are not used to create user profiles. Our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f) GDPR also lies in these purposes. 
4. Duration of Storage, Option to Object and Remove 
Cookies are stored on the user’s computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. 

VII. Newsletter 

1. Description and Scope of Data Processing It is possible to subscribe to a free newsletter. This will inform you regularly by email about new products, events and trade fairs, FIDLOCK Talks events and other news from FIDLOCK. When registering for the newsletter, the data from the input window is transmitted to us. Data collected: 
  • Email address (compulsory) 
  • First and last name (voluntary information) 
  • Company (voluntary information) 
  • Region or time zone (voluntary information) 

In addition, the following data is collected during registration: Date and time of registration For statistical purposes, to recognise reading habits and to personalise content, we also record whether and when the newsletter is opened and which links are clicked. In order to process the data, your consent will be obtained as part of a so-called double opt-in procedure during the registration process and reference will be made to this Data Protection Declaration. The double opt-in procedure means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can register with someone else’s email address. No disclosures to third parties are made in connection with data processing for emailing newsletters. The data you enter here will only be used to personalise and email the newsletter. We use various service providers to email the newsletter. The newsletter for our B2B website fidlock.com/components is sent via the emailing service provider CleverReach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany. You can view the data protection regulations of the emailing service provider here: https://www.cleverreach.com/de/datenschutz/. 
A commissioned data processing contract in accordance with Art. 28 para. 3 no. 1 GDPR has been concluded with the emailing service provider. The newsletter for our online shop fidlock.com/consumer is sent via the emailing service provider Sendiblue, Köpenicker Str. 126, 10179 Berlin, Germany. You can view the data protection regulations of the emailing service provider here: https://de.sendinblue.com/datenschutz-uebersicht/ A
commissioned data processing contract in accordance with Art. 28 para. 3 no. 1 GDPR has been concluded with the emailing service provider. We use the Google service reCaptcha to determine whether a person or a computer makes a specific entry in our newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the device used, website that you are visiting and on which the Captcha is embedded, the date and duration of the visit, the identification data of the used browser and operating system type, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. The legal basis for the data processing described is Art. 6 para. 1 lit. f) GDPR. There is a legitimate interest on our part in this data processing, namely to ensure the security of our website and to protect us from automated input (attacks). 
2. Legal Basis for Data Processing 
The legal basis for data processing after the user has registered for the newsletter is Art. 6 para. 1 lit. a) GDPR provided the user has given their consent. Your consent is given on a voluntary basis. However, if you do not want to give your consent, we cannot offer you the newsletter service. 
3. Purpose of Data Processing 
The collection of the user’s email address is used to send the newsletter. The collection of other personal data within the framework of the registration process is intended to prevent misuse of the services or the email address used. For statistical purposes, to recognise reading habits and to personalise content, records are also kept as to whether and when the newsletter is opened and which links are clicked. 
4. Duration of Retention 
The data (e.g. opening and click rates) will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The other personal data of the user collected during the registration process will be deleted one month after receipt of the cancellation and/or revocation of consent, provided that legal provisions or another legitimate interest in the sense of Art. 6 para. 1 lit. f) GDPR does not prevent deletion. In such cases, processing of this data is restricted to the purpose of a potential defence against claims. The same applies to the personal data collected during the registration process from users who have started the double opt-in procedure but have not completed it. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. 
5. Option to Object and Remove 
The newsletter subscription can be cancelled by the respective user at any time. For this purpose,a corresponding link is provided in every newsletter. This also enables revocation of consent to the retention of personal data collected during the registration process. In addition, it is possible to unsubscribe, revoke consent and object to data retention by sending an email to newsletter@fidlock.com. 

VIII. Contact Form and Email Contact 

1. Description and Scope of Data Processing 
Various contact forms are available on our website, which can be used for electronic correspondence. If a user takes advantage of this option, the data entered in the input fields will be sent to us and saved. These data are: 
  • Title 
  • Surname 
  • Specify whether company or private person 
  • Industry 
  • Email 
  • Country 
  • Telephone 
  • Message 
The following data are also saved when the message is sent: Date and time of sending In order to process the data, your consent will be obtained during sending and reference will be made to this Data Protection Declaration. Alternatively, you can contact us via the email address provided. In this case, the user’s personal data sent with the email will be stored. The data will only be used to process the conversation. 

2. Legal Basis for Data Processing 
The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR provided the user has given their consent. The legal basis for processing the data sent during the course of emailing is Art. 6 para. 1 lit. f) GDPR. If the email contact is aimed at concluding a contract, the legal basis for processing is Art. 6 para. 1) lit. b) GDPR. 
3. Purpose of Data Processing 
The processing of the personal data from the input fields is used solely to process the correspondence. If correspondence takes place via email, this also provides the necessary legitimate interest for data processing. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. 
4. Duration of Retention 
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Regarding the personal data from the input fields of the contact form and those sent by email, this is the case when the respective conversation with the user has ceased. The conversation ceases when it can be inferred from the circumstances that the facts in question have been finally clarified. The additional personal data collected during the sending process will also be deleted once the matter has been finally clarified. 
5. Option to Object and Remove 
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to retention of his personal data at any time. In such cases, the conversation cannot be continued. It is possible to revoke consent and object to retention by sending an email to info@fidlock.com. In this case, all personal data that was saved in the course of correspondence will be deleted. 

IX. Events 

1. Description and Scope of Data Processing 
We regularly offer interested parties digital events via our FIDLOCK Talks website. Participation in events requires a user account, which must be set up by registering. Data collected: 
  • Title (compulsory)
  • First and last name (compulsory) 
  • Company (voluntary information) 
  • Email (compulsory) 
  • Password (compulsory) 

In addition, the date and time of registration are also recorded. 
After completing your registration process, you will receive an email in which you must confirm the setup of your user account. This so-called double opt-in procedure is necessary to prevent unwanted registration using someone else’s details. After the user account has been set up, you can register for events on FIDLOCK Talks. You will receive confirmation of participation and a reminder from us by email before the start of the event. The events are hosted using the GoToWebinar tool from LogMeIn Ireland Limited. The details of your user account will be processed by GoToWebinar for your participation and for hosting the event. If you participate via the chat function or address to the audience, these data will also be processed. The transmission and processing of video images of the participants does not occur. Additional GoToWebinar information is available from the provider in the LogMeIn Trust & Privacy Centre at https://www.logmein.com/de/trust 
We have concluded an commissioned data processing contract for FIDLOCK Talks with the provider LogMeIn Ireland Limited. We also offer resources on past events in a media library. 
2. Legal Basis for Data Processing 
Legal basis for the processing of data when registering a user account and participation in events is subject to Art. 6 para. 1 lit. a) GDPR provided consent has been given. 
3. Purpose of Data Processing 
Compulsory information collected when registering a user account is used to plan and organise events and to inform interested parties. The registration itself is used to prevent misuse of the event platform. Data processing in the context of events is only used to provide and host the event. 
4. Duration of Retention 
The user account data and the registration data are retained for as long as the user account is used. Upon request, the user account and the data contained therein can be deleted. Retention beyond this only takes place if statutory provisions require this or a legitimate interest in the sense of Art. 6 para. 1 lit. f) GDPR prevents deletion. If necessary, the data can then be frozen instead of being deleted. A legitimate interest as a purpose is limited to any defence against claims. The user account will be deleted within 14 days. Data collected during an event will only be retained for the duration of the event. Any further processing of the data will only take place with the consent of the data subject. 
5. Option to Object and Remove 
The user account can be terminated by the data subject at any time. You can contact talks@fidlock.com to request erasure. This also enables revocation of consent to the retention of personal data collected during the registration process. 

X. Email Applications 

1. Description and Scope of Data Processing 
We process your personal data that you make available to us, electronically, on the basis of an email application initiated by you and for the purpose of said application. All personal data will be treated as strictly confidential in accordance with the applicable legal data protection regulations and will only be used to process your email application. In the course of your email application, we will collect and process the following personal data: 
  • Last name, first name 
  • Address
  • Phone number 
  • Email address 
  • Application documents (letter of application, curriculum vitae, references, certificates, photo, etc.)

The personal data and files, which you submit, will not be disclosed to third parties unless you have previously given your express consent to disclosure thereof or a legal obligation for said disclosure exists. 
2. Legal Basis of Data Processing 
The legal basis for data processing after your email application has been sent is Art. 6 para. 1) lit. b) GDPR in conjunction with Section 26 para. 1 BDSG, new version. 
3. Purpose of Data Processing 
Your personal application data is collected and processed exclusively for the purpose of filling vacancies within our company. As a rule, your data will only be forwarded to the internal offices and specialist departments of our company responsible for the specific application process. The data and files, which you submit, may be used for administrative matters related to employment, in the event that your application is successful. 
4. Duration of Retention 
Should the application be unsuccessful, we retain the disclosed personal data and files in our applicant database for six months in order to be able to answer subsequent queries about the application. After six months, the data and files will be erased. This does not apply if legal provisions prevent erasure, if further retention is required for evidential purposes or if you have expressly consented to longer retention. If we cannot offer you a current vacancy, but based on your profile we believe that your application might be of interest for future job offers, we will save your personal application data beyond the initial six months, provided you have expressly consented to such retention and use. 
5. Data Security 
We attach great importance to the security of our system and use modern data storage and security techniques to optimise the protection of your data. All systems in which your personal data are stored are protected against access by third parties and are only accessible to a specific group of people in charge of personnel. We would like to point out that we cannot guarantee complete data security when communicating by email. 
6. Option to Object and Remove 
As part of the email application, you can request at any time that individual elements of personal data or files submitted by you be erased. However, we reserve the right to store a limited amount of your data for a limited period of six months in order to be able to comply with legal regulations, in particular the obligation to provide evidence arising from the General Act on Equal Treatment (AGG). The same applies if you wish to withdraw your application. It is possible to revoke consent and object to retention by sending an email to fidlock-gmbh-jobs@m.personio.de. 

XI. Web Analysis by Google Analytics 

1. Scope of Processing of Personal Data 
On our website and other websites www.fidlock.com, we use the software tool Google Analytics to analyse the browsing behaviour of our users. The software places a cookie on the user’s computer (for more on cookies see above). If individual pages of our website are accessed, the following data is stored: 
Two bytes of the IP address of the user’s system used for access 
  • The website accessed 
  • The website from which the user came to the accessed website (referrer) 
  • The sub-pages accessed from the accessed website 
  • The length of stay on the website 
  • The frequency of visits to the website 
  • Information about the browser type and version used 
  • The user’s operating system 

The websites make use of Google Analytics reports on demographic characteristics, in which data from interest-based advertising from Google and visitor data from third parties (e.g. age, gender and interests) are used. This data cannot be traced back to a specific person and can be deactivated at any time via the advert settings. The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required to do so by law or if third parties process this data on behalf of Google. Under no circumstances will Google associate your IP address with other Google data. You can prevent the installation of cookies by setting your browser software accordingly; we would like to point out to you, however, that in this case you may not be able to use all of the functions of this website in full. The software is configured in such a way that IP addresses are not saved in full as 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). This makes it impossible to assign the shortened IP address to the accessing computer. 
2. Legal Bases for the Processing of Personal Data 
The legal basis for the processing of users’ personal data is Art. 6 para. 1) lit. f) GDPR. 
3. Purpose of Data Processing 
By processing the personal data of users, we are able to analyse the browsing behaviour of our users. By evaluating the data obtained in this way, we are able to compile information about the use of the individual components of our website. This helps us to keep improving our websites as well as their user-friendliness. Our legitimate interest in the processing of data in accordance with Art. 6 para. 1 lit. f) GDPR also lies in these purposes. Anonymisation of IP addresses ensures that the user’s interests, with respect to the protection of their personal data, have been given sufficient consideration. 
4. Duration of Retention 
After obscuring/masking the IP address, it is no longer considered to be personal data. Therefore, these masked IP addresses are not automatically erased. 
5. Option to Object and Remove 
You can also prevent Google from collecting the data generated by the cookie, related to your use of the website (incl. your IP address), and from processing of this data by clicking on the following link (Download and install the available browser plug-in from http://tools.google.com/dlpage/gaoptout?hl=de). An opt-out cookie will be set to prevent future collection of your data when you visit this website. You can find more information on this 
at http://tools.google.com/dlpage/gaoptout?hl=de or. 
at http://www.google.com/intl/de/analytics/privacyoverview.html (general information about Google Analytics and data protection). 
We would like to point out that, on this website, Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymous collection of IP addresses (so-called IP masking). “ 

 XII. Use of Facebook Remarketing 

The so-called “Facebook Pixel” from the Facebook social network, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used within our online offer. 
Processing takes place on the basis of Art. 6 para. 1 lit. a) GDPR arising from the legitimate interest in the above-mentioned purpose. With the help of the Facebook Pixel, Facebook is able to place the visitors to our online offer within a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel to only display those Facebook Ads that we have assigned to those Facebook users who have also shown an interest in our online offers, or who possess certain characteristics (e.g. interests in certain topics or products, which are based on visited webpages), which we send to Facebook (so-called “Custom Audiences”). The Facebook Pixel is also intended to ensure that our Facebook Ads correspond to the potential interests of users and are not annoying. By using the Facebook Pixel, we can also evaluate the effectiveness of Facebook Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook Ad (so-called “conversion”). The Facebook Pixel is integrated directly by Facebook when you visit our website and can save a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook while logged in, the visit to our website will be recorded in your profile. The data collected about you remains anonymous to us, so we cannot draw any conclusions about the identity of the user. However, the data is retained and processed by Facebook meaning it is possible for an association with the respective user profile to be made. The processing of the data by Facebook takes place within the framework of Facebook’s data usage guidelines. Accordingly, you will receive additional information on how the remarketing pixel works, as well as more general information about the display of Facebook Ads, in the data usage guidelines of 
Facebook: https://www.facebook.com/policy.php. 
You can revoke consent for collection by the Facebook pixel and the use of your data to display Facebook ads here. To set which types of advertisements are displayed to you within Facebook, you can visit the page set up by Facebook and follow: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devicesthe instructions for configuring usage-based advertising. You can object to the use of cookies that measure audience reach and are intended for advertising purposes via the deactivation page 
Network Advertising Initiative (http://optout.networkadvertising.org/), as well as the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your- ad-choices/).. 

XIII. Use of Social Media 

Our website uses plugins from various social networks (“Facebook”, “Twitter”, “Instagram”, “YouTube”, “Xing”). The buttons are marked with the logo of the respective social network. When you visit our websites, the corresponding buttons are deactivated or only linked to, so that no data is sent to the social networks unless you click on the buttons. After activation, a direct connection to the respective social networks is established. If you are logged into a social network, this provider can associate your visit with your account. If you do not want this, we recommend that you log out of your account beforehand. If you are not a member of a social network, there is still the possibility that the provider will find out and save your IP address, for example. If you do not want this, you should not click the button. FIDLOCK has no influence on the purpose and scope of data collection or further processing and use of data by the social networks. Regulations on data protection and your associated rights should be available in the respective data protection declarations of the social networks. 

XIV. DoubleClick 

DoubleClick is a service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). DoubleClick uses cookies to display advertisements of relevance to you. A pseudonymous identification number (ID) is assigned to your browser to check which adverts were displayed in your browser and which adverts were viewed. The use of DoubleClick cookies enables Google and its partner websites to place adverts based on previous visits to our websites or those of third parties on the internet. You can permanently disable this cookie at https://www.google.com/settings/ads/plugin?hl=de. We have included YouTube videos in our online offering that are stored on www.youtube.com and can be played directly from our website. We use the so-called “extended data protection mode” of the provider YouTube to embed videos. According to YouTube, no information about visitors to our website is then stored unless they watch the video. Despite the use of the extended data protection mode, it cannot be ruled out that Google will set a DoubleClick cookie for advertising purposes. You can permanently disable this cookie at https://www.google.com/settings/ads/plugin?hl=de. 

XV. Installation of Third-Party Programs 

If additional programs such as Java Script, Flash® (Adobe), etc. are required for correct playback of the website or the media service, you must first install the respective programs yourself in your capacity as a visitor to the website or the media service. Required software is not installed automatically without consent. However, FIDLOCK GmbH reserves the right to offer the visitor such additional programs without installing them on the visitor’s computer without the visitor’s consent. FIDLOCK GmbH is not obliged to display the website correctly. 

XVI. Rights of the Data Subject 

If your personal data is processed, you are a data subject in the sense of GDPR and you have the following rights vis-à-vis the data controller: 1. Right of Access You can request confirmation from the data controller as to whether personal data relating to you is being processed. If said processing is being performed, you may request disclosure of the following information from the data controller: 
  1. The purposes for which the personal data are being processed; 
  2. The categories of personal data being processed;
  3. The recipients or categories of recipients to whom your personal data has been or will be disclosed; 
  4. The planned duration of the retention of your personal data or, if specific information on this is not possible, criteria for determining the duration of retention; 
  5. The existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the data controller or a right to object to this processing. 
  6. The existence of a right to complain to a supervisory authority; 
  7. All available information about the origin of the data if the personal data are not collected from the data subject; 
  8. The existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject. (Currently not used.) You have the right to request information as to whether your personal data is being transferred to a third country or to an international organisation. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer. 
2. Right to Rectification 
You have a right to rectification and/or completion over the data controller if the your processed personal data is either incorrect or incomplete. The data controller must perform the rectification immediately. 
3. Right to Restriction of Processing 
You may request the restriction of processing of your personal data under the following conditions: 
  1. If you contest the correctness of your personal data for a period that enables the data controller to check the correctness of the personal data.
  2. The processing is unlawful and you refuse to erase the personal data and instead request that the use of the personal data be restricted; 
  3. The data controller no longer requires the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or 
  4. If you have lodged an objection to processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the data controller outweigh your reasons. If the processing of your personal data has been restricted, this data – apart from its storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State. If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted. 

4. Right to Erasure a. Obligation to Erase 
You can request the data controller to erase your personal data immediately, and the data controller is obliged to erase this data immediately if one of the following reasons applies:
  1. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed. 
  2. You revoke your consent on which the processing is based in accordance with Art. 6 para. 1) lit. a) or Art. 9 para. 2) lit. a) GDPR and no other legal basis for data processing exists. 
  3. You object to the processing in accordance with Art. 21 para. 1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 para. 2 GDPR. 
  4. Your personal data have been processed unlawfully. 
  5. The erasure of your personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which the person responsible is subject. 
  6. Your personal data was collected in relation to the information society services offered in accordance with Art. 8 para. 1 GDPR. 
  7. Notification of Third Parties If the data controller has publicly disclosed your personal data and is then obliged to erase it in accordance with Art. 17 para. 1 GDPR, he shall take appropriate measures, also of a technical nature, to notify the data processing controller, with due consideration of the available technology and the implementation costs, that you, the data subject, have requested them to erase all links to said personal data or copies or duplications thereof. 

b. Exceptions 
The right to erasure does not exist if processing is necessary 
  1. To exercise the right to freedom of expression and information; 
  2. To fulfil a legal obligation that requires processing under European Union or Member State law to which the data controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the data controller; 
  3. For reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 GDPR; 
  4. For archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law mentioned under part a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or 
  5. To assert, exercise or defend legal claims. 

5. Right to Information 
If you have asserted the right to rectification, erasure or restriction of processing against the data controller, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves to be impossible or involves disproportionate effort. You have the right to be informed about these recipients by the data controller. 
6. Right to Data Portability 
You have the right to receive your personal data about you that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another data controller, without hindrance from the data controller who initially received the personal data, provided that 
  1. The processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and 
  2. the processing is performed using automated procedures. In exercising this right, you also have the right to have your personal data transmitted directly from one data controller to another data controller, insofar as this is technically feasible. This must not impinge the freedoms and rights of other people. The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or used to exercise official authority that has been assigned to the data controller. 

7. Right to Object 
You have the right, for reasons arising from your particular circumstances, to object at any time to the processing of your personal data, which is based on Art. 6 para. 1 lit. e) or f) GDPR; this also applies to profiling based on these provisions. The data controller no longer processes your personal data unless he can demonstrate compelling legitimate grounds for said processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If your personal data are processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purposes of said advertising; this also applies to profiling insofar as it is associated with the aforementioned direct advertising. If you object to data processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You have the option, in connection with the use of the services of the information society – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means embodying technical specifications. 
8. Right to Revoke the Declaration of Consent Under Data Protection Law 
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of processing performed on the basis of consent up to the point of revocation.
9. Automated Individual Decision-Making Including Profiling 
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly affects you significantly. This does not apply if the decision 
  1. Is necessary for the conclusion or performance of a contract between you and the data controller. 
  2. Is permitted on the basis of legal provisions of the European Union or the Member States to which the data controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms, as well as your legitimate interests or 
  3. Takes place with your express consent. However, these decisions must not be based on special categories of personal data in accordance with Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests. With regard to the cases referred to in (1) and (3), the data controller shall take appropriate measures to safeguard your rights and freedoms, and your legitimate interests, including at the very least your right to seek human intervention on the part of the data controller, to express own opinions and to challenge the decision. 
10. Right to Complain to a Supervisory Authority 
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR. The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR. Supervisory authority: 
Lower Saxony State Commissioner for Data Protection Barbara Thiel, Prinzenstraße 5, 30159 Hanover 
Tel.: +49 511 120 45 00, Fax: +49 511 120 45 99, 
Email: poststelle@lfd.niedersachsen.de 

XVII. Changes to the Data Protection Declaration

As the data controller, we reserve the right to change this Data Protection Declaration at any time with regard to the applicable data protection regulations. 
Date: May 2022