Privacy policy

This privacy policy ("Policy") describes how SICS Stefan Ilchen Consulting and Services ("SICS Stefan Ilchen Consulting and Services", "we", "us" or "our") collects, protects and uses the personally identifiable information ("Personal Information") you ("User", "you" or "your") may provide on the ilchen.de website and any of its products or services (collectively, "Website" or "Services"). It also describes the choices available to you regarding our use of your Personal Information and how you can access and update this information. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

Collection of personal information

We receive and store any information you knowingly provide to us when you fill any online forms on the Website. You can choose not to provide us with certain information, but then you may not be able to take advantage of some of the Website's features. Users who are uncertain about what information is mandatory are welcome to contact us. In case personel data will be collected, the affected parties therefore have the following rights under the DSGVO at their disposal: a) Right of access - Art. 15 DSGVO: The right of access gives the data subject full access to the data that concern him or her and to some other important criteria, such as the purposes of the processing or the duration of the retention. The exceptions to this right regulated in § 34 BDSG apply. b) Right to rectification - Art. 16 DSGVO: The right of rectification includes the possibility for the data subject to have inaccurate personal data corrected. c) Right to cancellation - Art. 17 DSGVO: The right to deletion includes the possibility for the data subject to have data deleted by the person responsible. However, this is only possible if the personal data concerning him are no longer necessary, are processed unlawfully or if consent has been revoked. The exceptions to this right regulated in § 35 BDSG apply. d) Right to limitation of processing - Art. 18 DSGVO: The right to limit the processing includes the possibility for the data subject to prevent further processing of personal data concerning him/her for the time being. A restriction occurs primarily during the examination phase of other rights exercised by the data subject. e) Right to data transferability - Art. 20 DSGVO: The right to data transfer includes the possibility for the data subject to obtain the personal data concerning him from the responsible person in a common, machine-readable format, in order to have them forwarded to another responsible person if necessary. However, pursuant to Art. 20 para. 3 sentence 2 DSGVO, this right is not available if the data processing serves the performance of public tasks. f) Right to object - Art. 21 DSGVO: The right to object includes the possibility for data subjects in a particular situation to object to the further processing of their personal data, insofar as this is justified by the exercise of public functions or public or private interests. The exceptions to this right regulated in § 36 BDSG apply. Acc to Art. 6: Lawfulness of the processing 1. Processing shall be lawful only if at least one of the following conditions is met: a) The data subject has given his consent to the processing of his personal data for one or more specific purposes; b) the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject; f) processing is necessary to safeguard the legitimate interests of the controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular where the data subject is a child. Acc. to Art. 13: Obligation to provide information when personal data are collected from the data subject 1. Where personal data are collected from the data subject, the controller shall provide the data subject with the following information at the time of collection: a) the name and contact details of the person responsible and, where appropriate, his representative; b) where appropriate, the contact details of the Data Protection Officer; c) the purposes for which the personal data are to be processed and the legal basis for the processing; d) where the processing is based on Article 6(1)(f), the legitimate interests pursued by the controller or by a third party; e) where appropriate, the recipients or categories of recipients of the personal data; and f) where appropriate, the intention of the controller to transfer the personal data to a third country or an international organisation and the existence or absence of a Commission adequacy decision or, in the case of transfers pursuant to Article 46 or Article 47 or the second subparagraph of Article 49(1), a reference to the appropriate or proportionate safeguards and the possibility of obtaining a copy of them or where they are available. 2. In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following additional information at the time the data are collected, which is necessary to ensure fair and transparent processing: a) the duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration; b) the existence of a right of access by the data controller to the personal data concerned and of the right of rectification or erasure or of limitation of the processing or of a right of opposition to the processing and of the right to data transfer; c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of a right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation; d) the existence of a right of appeal to a supervisory authority; e) whether the provision of the personal data is required by law or contract or is necessary for the conclusion of a contract, whether the data subject is obliged to provide the personal data and the possible consequences of not providing the personal data; and f) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject. 3. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, he shall provide the data subject with information about that other purpose and any other relevant information referred to in paragraph 2 prior to such further processing. 4. Paragraphs 1, 2 and 3 shall not apply if and to the extent that the data subject already holds the information. Acc. to Art. 14: Duty to provide information if the personal data were not collected from the data subject 1. Where personal data are not collected from the data subject, the controller shall inform the data subject of the following: a) the name and contact details of the person responsible and, where appropriate, his representative; b) in addition, the contact details of the data protection officer; c) the purposes for which the personal data are to be processed and the legal basis for the processing; d) the categories of personal data to be processed; e) where appropriate, the recipients or categories of recipients of the personal data; f) where appropriate, the intention of the controller to transfer the personal data to a recipient in a third country or an international organisation and the existence or absence of a decision by the Commission on adequacy or, in the case of transfers pursuant to Article 46 or Article 47 or the second subparagraph of Article 49(1), a reference to the appropriate or proportionate safeguards and the possibility of obtaining a copy of them or where they are available. 2. In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following information necessary to ensure fair and transparent processing vis-à-vis the data subject: a) the duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration; b) where the processing is based on Article 6(1)(f), the legitimate interests pursued by the controller or by a third party; c) the existence of a right of access by the data controller to the personal data concerned and of the right to rectification or erasure or to limit the processing and to object to the processing and to transfer the data; d) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of a right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation; e) the existence of a right of appeal to a supervisory authority; f) the source from which the personal data originate and, where appropriate, whether they originate from publicly available sources; g) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject. 3. The controller shall provide the information in accordance with paragraphs 1 and 2 a) taking into account the specific circumstances of the processing of the personal data, within a reasonable time after obtaining the personal data, but not later than one month, b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to the data subject, or, c) if disclosure to another recipient is intended, at the latest at the time of the first disclosure. 4. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained, he shall provide the data subject with information about that other purpose and any other relevant information referred to in paragraph 2 prior to such further processing. 5. Paragraphs 1 to 4 shall not apply if and to the extent that a) the data subject already has the information, b) the provision of such information proves impossible or would require a disproportionate effort, in particular for processing for archival purposes in the public interest, for scientific or historical research or for statistical purposes, subject to the conditions and guarantees referred to in Article 9(1), or where the obligation referred to in paragraph 1 of this Article is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing In such cases, the controller shall take appropriate measures to protect the rights and freedoms and the legitimate interests of the data subject, including the making available of such information to the public, c) obtaining or disclosure by legislation of the Union or of the Member States to which the person responsible is subject and which provides for appropriate measures to protect the data subject's legitimate interests. Acc. to Art. 15: Right of the data subject to obtain information 1. The data subject shall have the right to obtain from the controller confirmation as to whether personal data relating to him or her are being processed; if so, he or she shall have the right of access to such personal data and to the following information: a) the processing purposes; b) the categories of personal data to be processed; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration; e) the existence of a right to the rectification or erasure of personal data concerning him or her or to the limitation of the processing by the controller or of a right to object to such processing; f) the existence of a right of appeal to a supervisory authority; g) if the personal data are not collected from the data subject, any available information on the origin of the data; h) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject. 2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards in accordance with Article 46 in connection with the transfer. 3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. Where the data subject submits the request by electronic means, the information shall be made available in a common electronic format, unless the data subject indicates otherwise. 4. The right to receive a copy in accordance with paragraph 3 shall not prejudice the rights and freedoms of other persons. Acc. to Art. 16: Right to rectification The data subject shall have the right to obtain from the controller without delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary statement. Acc. to Art. 17 Right to cancellation ("right to be forgotten") 1. The data subject shall have the right to obtain from the controller the erasure without delay of personal data relating to him or her and the controller shall be obliged to erase without delay personal data for any of the following reasons: a) Personal data are no longer necessary for the purposes for which they were collected or otherwise processed. b) The data subject shall revoke the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) and there shall be no other legal basis for the processing. c) The data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing pursuant to Article 21(2). d) Personal data have been processed unlawfully. e) The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject. f) The personal data were collected in relation to information society services offered in accordance with Article 8(1). 2. Where the controller has made the personal data public and is obliged to erase them in accordance with paragraph 1, he shall take reasonable measures, including measures of a technical nature, taking into account the technology available and the costs of implementation, to inform data controllers processing the personal data that a data subject has requested them to erase all links to or copies or replications of those personal data. 3. Paragraphs 1 and 2 shall not apply in so far as processing is necessary a) on the exercise of freedom of expression and information; b) to fulfil a legal obligation which the processing requires under the law of the Union or of the Member States to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller; c) on grounds of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3); d) for archival, scientific or historical research purposes in the public interest or for statistical purposes as referred to in Article 89(1), where the law referred to in paragraph 1 is likely to make it impossible or seriously prejudicial to the attainment of the objectives of such processing, or e) to assert, exercise or defend legal claims. Acc. to Art. 18: Right to limitation of processing 1. The data subject shall have the right to require the controller to restrict the processing if one of the following conditions is met: a) the accuracy of the personal data is contested by the data subject for a period of time which enables the data controller to verify the accuracy of the personal data, b) the processing is unlawful and the data subject refuses to erase the personal data and instead requests the restriction of the use of the personal data; c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the assertion, exercise or defence of legal claims, or d) the data subject has objected to the processing referred to in Article 21(1) before it has been established whether the controller's legitimate reasons outweigh those of the data subject. 2. Where processing has been restricted in accordance with paragraph 1, such personal data shall not be processed, other than with the consent of the data subject or for the purpose of the institution, exercise or defence of legal rights or the protection of the rights of another natural or legal person, or for reasons of an important public interest of the Union or of a Member State, except with regard to their storage. 3. A data subject who has obtained a restriction on processing pursuant to paragraph 1 shall be informed by the controller before the restriction is lifted. Acc. to Art. 19: Obligation to notify in connection with the rectification or erasure of personal data or the limitation of processing The controller shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of the personal data or of any limitation of processing in accordance with Articles 16, 17(1) and 18, unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject of such recipients when requested to do so by the data subject. And further relevant Art.

Collection of non-personal information

When you visit the Website our servers automatically record information that your browser sends. This data may include information such as your device's IP address, browser type and version, operating system type and version, language preferences or the webpage you were visiting before you came to our Website, pages of our Website that you visit, the time spent on those pages, information you search for on our Website, access times and dates, and other statistics.

Use and processing of collected information

Any of the information we collect from you may be used to personalize your experience; improve our Website; improve customer service and respond to queries and emails of our customers; run and operate our Website and Services. Non-Personal Information collected is used only to identify potential cases of abuse and establish statistical information regarding Website usage. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system. We may process Personal Information related to you if one of the following applies: (i) You have given your consent for one or more specific purposes. Note that under some legislations we may be allowed to process information until you object to such processing (by opting out), without having to rely on consent or any other of the following legal bases below. This, however, does not apply, whenever the processing of Personal Information is subject to European data protection law; (ii) Provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof; (iii) Processing is necessary for compliance with a legal obligation to which you are subject; (iv) Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us; (v) Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. In any case, we will be happy to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Information transfer and storage

Depending on your location, data transfers may involve transferring and storing your information in a country other than your own. You are entitled to learn about the legal basis of information transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by us to safeguard your information. If any such transfer takes place, you can find out more by checking the relevant sections of this document or inquire with us using the information provided in the contact section. The rights of users You may exercise certain rights regarding your information processed by us. In particular, you have the right to do the following: (i) you have the right to withdraw consent where you have previously given your consent to the processing of your information; (ii) you have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent; (iii) you have the right to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the information undergoing processing; (iv) you have the right to verify the accuracy of your information and ask for it to be updated or corrected; (v) you have the right, under certain circumstances, to restrict the processing of your information, in which case, we will not process your information for any purpose other than storing it; (vi) you have the right, under certain circumstances, to obtain the erasure of your Personal Information from us; (vii) you have the right to receive your information in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that your information is processed by automated means and that the processing is based on your consent, on a contract which you are part of or on pre-contractual obligations thereof. The right to object to processing Where Personal Information is processed for the public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection. You must know that, however, should your Personal Information be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn, whether we are processing Personal Information for direct marketing purposes, you may refer to the relevant sections of this document. How to exercise these rights Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month. Privacy of children We do not knowingly collect any Personal Information from children under the age of 13. If you are under the age of 13, please do not submit any Personal Information through our Website or Service. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through our Website or Service without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Information to us through our Website or Service, please contact us. You must also be at least 16 years of age to consent to the processing of your personal data in your country (in some countries we may allow your parent or guardian to do so on your behalf). Cookies The Website uses "cookies" to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. We may use cookies to collect, store, and track information for statistical purposes to operate our Website and Services. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. To learn more about cookies and how to manage them, visit internetcookies.org Do Not Track signals Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. How browsers communicate the Do Not Track signal is not yet uniform. As a result, this Website is not yet set up to interpret or respond to Do Not Track signals communicated by your browser. Even so, as described in more detail throughout this Policy, we limit our use and collection of your personal information. Affiliates We may disclose information about you to our affiliates for the purpose of being able to offer you related or additional products and services. Any information relating to you that we provide to our affiliates will be treated by those affiliates in accordance with the terms of this Privacy Policy. Links to other websites Our Website contains links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other websites or third-parties. We encourage you to be aware when you leave our Website and to read the privacy statements of each and every website that may collect Personal Information. Information security We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts. Data breach In the event we become aware that the security of the Website has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website. Changes and amendments We reserve the right to modify this Policy relating to the Website or Services at any time, effective upon posting of an updated version of this Policy on the Website. When we do we will send you an email to notify you. Continued use of the Website after any such changes shall constitute your consent to such changes. Acceptance of this policy You acknowledge that you have read this Policy and agree to all its terms and conditions. By using the Website or its Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to use or access the Website and its Services. Contacting us If you have any questions about this Policy, please contact us.
SICS Stefan Ilchen Consulting and Services

Privacy policy

This privacy policy ("Policy") describes how SICS Stefan Ilchen Consulting and Services ("SICS Stefan Ilchen Consulting and Services", "we", "us" or "our") collects, protects and uses the personally identifiable information ("Personal Information") you ("User", "you" or "your") may provide on the ilchen.de website and any of its products or services (collectively, "Website" or "Services"). It also describes the choices available to you regarding our use of your Personal Information and how you can access and update this information. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

Collection of personal

information

We receive and store any information you knowingly provide to us when you fill any online forms on the Website. You can choose not to provide us with certain information, but then you may not be able to take advantage of some of the Website's features. Users who are uncertain about what information is mandatory are welcome to contact us. In case personel data will be collected, the affected parties therefore have the following rights under the DSGVO at their disposal: a) Right of access - Art. 15 DSGVO: The right of access gives the data subject full access to the data that concern him or her and to some other important criteria, such as the purposes of the processing or the duration of the retention. The exceptions to this right regulated in § 34 BDSG apply. b) Right to rectification - Art. 16 DSGVO: The right of rectification includes the possibility for the data subject to have inaccurate personal data corrected. c) Right to cancellation - Art. 17 DSGVO: The right to deletion includes the possibility for the data subject to have data deleted by the person responsible. However, this is only possible if the personal data concerning him are no longer necessary, are processed unlawfully or if consent has been revoked. The exceptions to this right regulated in § 35 BDSG apply. d) Right to limitation of processing - Art. 18 DSGVO: The right to limit the processing includes the possibility for the data subject to prevent further processing of personal data concerning him/her for the time being. A restriction occurs primarily during the examination phase of other rights exercised by the data subject. e) Right to data transferability - Art. 20 DSGVO: The right to data transfer includes the possibility for the data subject to obtain the personal data concerning him from the responsible person in a common, machine-readable format, in order to have them forwarded to another responsible person if necessary. However, pursuant to Art. 20 para. 3 sentence 2 DSGVO, this right is not available if the data processing serves the performance of public tasks. f) Right to object - Art. 21 DSGVO: The right to object includes the possibility for data subjects in a particular situation to object to the further processing of their personal data, insofar as this is justified by the exercise of public functions or public or private interests. The exceptions to this right regulated in § 36 BDSG apply. Acc to Art. 6: Lawfulness of the processing 1. Processing shall be lawful only if at least one of the following conditions is met: a) The data subject has given his consent to the processing of his personal data for one or more specific purposes; b) the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject; f) processing is necessary to safeguard the legitimate interests of the controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular where the data subject is a child. Acc. to Art. 13: Obligation to provide information when personal data are collected from the data subject 1. Where personal data are collected from the data subject, the controller shall provide the data subject with the following information at the time of collection: a) the name and contact details of the person responsible and, where appropriate, his representative; b) where appropriate, the contact details of the Data Protection Officer; c) the purposes for which the personal data are to be processed and the legal basis for the processing; d) where the processing is based on Article 6(1)(f), the legitimate interests pursued by the controller or by a third party; e) where appropriate, the recipients or categories of recipients of the personal data; and f) where appropriate, the intention of the controller to transfer the personal data to a third country or an international organisation and the existence or absence of a Commission adequacy decision or, in the case of transfers pursuant to Article 46 or Article 47 or the second subparagraph of Article 49(1), a reference to the appropriate or proportionate safeguards and the possibility of obtaining a copy of them or where they are available. 2. In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following additional information at the time the data are collected, which is necessary to ensure fair and transparent processing: a) the duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration; b) the existence of a right of access by the data controller to the personal data concerned and of the right of rectification or erasure or of limitation of the processing or of a right of opposition to the processing and of the right to data transfer; c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of a right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation; d) the existence of a right of appeal to a supervisory authority; e) whether the provision of the personal data is required by law or contract or is necessary for the conclusion of a contract, whether the data subject is obliged to provide the personal data and the possible consequences of not providing the personal data; and f) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject. 3. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, he shall provide the data subject with information about that other purpose and any other relevant information referred to in paragraph 2 prior to such further processing. 4. Paragraphs 1, 2 and 3 shall not apply if and to the extent that the data subject already holds the information. Acc. to Art. 14: Duty to provide information if the personal data were not collected from the data subject 1. Where personal data are not collected from the data subject, the controller shall inform the data subject of the following: a) the name and contact details of the person responsible and, where appropriate, his representative; b) in addition, the contact details of the data protection officer; c) the purposes for which the personal data are to be processed and the legal basis for the processing; d) the categories of personal data to be processed; e) where appropriate, the recipients or categories of recipients of the personal data; f) where appropriate, the intention of the controller to transfer the personal data to a recipient in a third country or an international organisation and the existence or absence of a decision by the Commission on adequacy or, in the case of transfers pursuant to Article 46 or Article 47 or the second subparagraph of Article 49(1), a reference to the appropriate or proportionate safeguards and the possibility of obtaining a copy of them or where they are available. 2. In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following information necessary to ensure fair and transparent processing vis-à-vis the data subject: a) the duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration; b) where the processing is based on Article 6(1)(f), the legitimate interests pursued by the controller or by a third party; c) the existence of a right of access by the data controller to the personal data concerned and of the right to rectification or erasure or to limit the processing and to object to the processing and to transfer the data; d) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of a right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation; e) the existence of a right of appeal to a supervisory authority; f) the source from which the personal data originate and, where appropriate, whether they originate from publicly available sources; g) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject. 3. The controller shall provide the information in accordance with paragraphs 1 and 2 a) taking into account the specific circumstances of the processing of the personal data, within a reasonable time after obtaining the personal data, but not later than one month, b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to the data subject, or, c) if disclosure to another recipient is intended, at the latest at the time of the first disclosure. 4. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained, he shall provide the data subject with information about that other purpose and any other relevant information referred to in paragraph 2 prior to such further processing. 5. Paragraphs 1 to 4 shall not apply if and to the extent that a) the data subject already has the information, b) the provision of such information proves impossible or would require a disproportionate effort, in particular for processing for archival purposes in the public interest, for scientific or historical research or for statistical purposes, subject to the conditions and guarantees referred to in Article 9(1), or where the obligation referred to in paragraph 1 of this Article is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing In such cases, the controller shall take appropriate measures to protect the rights and freedoms and the legitimate interests of the data subject, including the making available of such information to the public, c) obtaining or disclosure by legislation of the Union or of the Member States to which the person responsible is subject and which provides for appropriate measures to protect the data subject's legitimate interests. Acc. to Art. 15: Right of the data subject to obtain information 1. The data subject shall have the right to obtain from the controller confirmation as to whether personal data relating to him or her are being processed; if so, he or she shall have the right of access to such personal data and to the following information: a) the processing purposes; b) the categories of personal data to be processed; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration; e) the existence of a right to the rectification or erasure of personal data concerning him or her or to the limitation of the processing by the controller or of a right to object to such processing; f) the existence of a right of appeal to a supervisory authority; g) if the personal data are not collected from the data subject, any available information on the origin of the data; h) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject. 2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards in accordance with Article 46 in connection with the transfer. 3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. Where the data subject submits the request by electronic means, the information shall be made available in a common electronic format, unless the data subject indicates otherwise. 4. The right to receive a copy in accordance with paragraph 3 shall not prejudice the rights and freedoms of other persons. Acc. to Art. 16: Right to rectification The data subject shall have the right to obtain from the controller without delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary statement. Acc. to Art. 17 Right to cancellation ("right to be forgotten") 1. The data subject shall have the right to obtain from the controller the erasure without delay of personal data relating to him or her and the controller shall be obliged to erase without delay personal data for any of the following reasons: a) Personal data are no longer necessary for the purposes for which they were collected or otherwise processed. b) The data subject shall revoke the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) and there shall be no other legal basis for the processing. c) The data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing pursuant to Article 21(2). d) Personal data have been processed unlawfully. e) The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject. f) The personal data were collected in relation to information society services offered in accordance with Article 8(1). 2. Where the controller has made the personal data public and is obliged to erase them in accordance with paragraph 1, he shall take reasonable measures, including measures of a technical nature, taking into account the technology available and the costs of implementation, to inform data controllers processing the personal data that a data subject has requested them to erase all links to or copies or replications of those personal data. 3. Paragraphs 1 and 2 shall not apply in so far as processing is necessary a) on the exercise of freedom of expression and information; b) to fulfil a legal obligation which the processing requires under the law of the Union or of the Member States to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller; c) on grounds of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3); d) for archival, scientific or historical research purposes in the public interest or for statistical purposes as referred to in Article 89(1), where the law referred to in paragraph 1 is likely to make it impossible or seriously prejudicial to the attainment of the objectives of such processing, or e) to assert, exercise or defend legal claims. Acc. to Art. 18: Right to limitation of processing 1. The data subject shall have the right to require the controller to restrict the processing if one of the following conditions is met: a) the accuracy of the personal data is contested by the data subject for a period of time which enables the data controller to verify the accuracy of the personal data, b) the processing is unlawful and the data subject refuses to erase the personal data and instead requests the restriction of the use of the personal data; c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the assertion, exercise or defence of legal claims, or d) the data subject has objected to the processing referred to in Article 21(1) before it has been established whether the controller's legitimate reasons outweigh those of the data subject. 2. Where processing has been restricted in accordance with paragraph 1, such personal data shall not be processed, other than with the consent of the data subject or for the purpose of the institution, exercise or defence of legal rights or the protection of the rights of another natural or legal person, or for reasons of an important public interest of the Union or of a Member State, except with regard to their storage. 3. A data subject who has obtained a restriction on processing pursuant to paragraph 1 shall be informed by the controller before the restriction is lifted. Acc. to Art. 19: Obligation to notify in connection with the rectification or erasure of personal data or the limitation of processing The controller shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of the personal data or of any limitation of processing in accordance with Articles 16, 17(1) and 18, unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject of such recipients when requested to do so by the data subject. And further relevant Art.

Collection of non-personal

information

When you visit the Website our servers automatically record information that your browser sends. This data may include information such as your device's IP address, browser type and version, operating system type and version, language preferences or the webpage you were visiting before you came to our Website, pages of our Website that you visit, the time spent on those pages, information you search for on our Website, access times and dates, and other statistics.

Use and processing of

collected information

Any of the information we collect from you may be used to personalize your experience; improve our Website; improve customer service and respond to queries and emails of our customers; run and operate our Website and Services. Non-Personal Information collected is used only to identify potential cases of abuse and establish statistical information regarding Website usage. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system. We may process Personal Information related to you if one of the following applies: (i) You have given your consent for one or more specific purposes. Note that under some legislations we may be allowed to process information until you object to such processing (by opting out), without having to rely on consent or any other of the following legal bases below. This, however, does not apply, whenever the processing of Personal Information is subject to European data protection law; (ii) Provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof; (iii) Processing is necessary for compliance with a legal obligation to which you are subject; (iv) Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us; (v) Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. In any case, we will be happy to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Information transfer and

storage

Depending on your location, data transfers may involve transferring and storing your information in a country other than your own. You are entitled to learn about the legal basis of information transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by us to safeguard your information. If any such transfer takes place, you can find out more by checking the relevant sections of this document or inquire with us using the information provided in the contact section. The rights of users You may exercise certain rights regarding your information processed by us. In particular, you have the right to do the following: (i) you have the right to withdraw consent where you have previously given your consent to the processing of your information; (ii) you have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent; (iii) you have the right to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the information undergoing processing; (iv) you have the right to verify the accuracy of your information and ask for it to be updated or corrected; (v) you have the right, under certain circumstances, to restrict the processing of your information, in which case, we will not process your information for any purpose other than storing it; (vi) you have the right, under certain circumstances, to obtain the erasure of your Personal Information from us; (vii) you have the right to receive your information in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that your information is processed by automated means and that the processing is based on your consent, on a contract which you are part of or on pre-contractual obligations thereof. The right to object to processing Where Personal Information is processed for the public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection. You must know that, however, should your Personal Information be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn, whether we are processing Personal Information for direct marketing purposes, you may refer to the relevant sections of this document. How to exercise these rights Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month. Privacy of children We do not knowingly collect any Personal Information from children under the age of 13. If you are under the age of 13, please do not submit any Personal Information through our Website or Service. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through our Website or Service without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Information to us through our Website or Service, please contact us. You must also be at least 16 years of age to consent to the processing of your personal data in your country (in some countries we may allow your parent or guardian to do so on your behalf). Cookies The Website uses "cookies" to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. We may use cookies to collect, store, and track information for statistical purposes to operate our Website and Services. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. To learn more about cookies and how to manage them, visit internetcookies.org Do Not Track signals Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. How browsers communicate the Do Not Track signal is not yet uniform. As a result, this Website is not yet set up to interpret or respond to Do Not Track signals communicated by your browser. Even so, as described in more detail throughout this Policy, we limit our use and collection of your personal information. Affiliates We may disclose information about you to our affiliates for the purpose of being able to offer you related or additional products and services. Any information relating to you that we provide to our affiliates will be treated by those affiliates in accordance with the terms of this Privacy Policy. Links to other websites Our Website contains links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other websites or third-parties. We encourage you to be aware when you leave our Website and to read the privacy statements of each and every website that may collect Personal Information. Information security We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts. Data breach In the event we become aware that the security of the Website has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website. Changes and amendments We reserve the right to modify this Policy relating to the Website or Services at any time, effective upon posting of an updated version of this Policy on the Website. When we do we will send you an email to notify you. Continued use of the Website after any such changes shall constitute your consent to such changes. Acceptance of this policy You acknowledge that you have read this Policy and agree to all its terms and conditions. By using the Website or its Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to use or access the Website and its Services. Contacting us If you have any questions about this Policy, please contact us.
SICS Stefan Ilchen Consulting and Services