You provide personal data by purchasing items on k9harness.com which we treat on the basis of the Act of CXII of 2011 on the right of Informational Self-Determination and Freedom of Information, on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and Regulation (EC) No 2016/679 of the European Parliament and of the Council on universal service and users' (hereinafter: GDPR) on repealing Regulation (EC) No 95/46, in accordance with the CVIII Act of 2001 on certain aspects of electronic commerce services and information society services, Act XLVIII of 2008 on the Fundamental Terms and Limitations of Economic Advertising Activity, Act C of 2000 on Accounting, The CXXVII of 2007 on General Sales Tax law, as well as Act V of 2013 on the Civil Code, and the 1997 CLV Act on Consumer Protection, and CLIX 2012 on Postal Services. The aforementioned legislation requires this information to detail the processing of your personal information and the rights associated with it.
1. THE PERSON OF THE DATA CONTROLLER
K9 Gear Korláltolt Felelősségű Társaság (principal office: Bajcsy-Zsilinszky Street 43/A, Szigetszentmiklós 2310 Hungary, Incorporation No. 13-09-171803, phone number: +36703213699, e-mail: info@k9g.eu, web address: www.k9harness.com, hereinafter referred to as "Data Controller")
The Data Controller determines the scope, purpose and duration of the data requested in any purchasing process on the webshop and any other relevant conditions of data processing in the points 3 and 4 above.
2. PROVIDING YOUR DATA ON K9HARNESS.COM IS VOLUNTARY
You are not required to provide your personal information but, in the absence of these, you can not purchase the products or services available on the web store.
3. THE RANGE OF HANDLED DATA, THE PURPOSE AND DURATION OF DATA MANAGEMENT
After the registration and login you can buy items on the website of the Data Controller. You can register and log in with the user account created on the Data Controller website.
The handled data:
Registration on the website
Basic data: required: Surname, First name, E-mail address, password given by the User (encrypted), phone number, Country
optional: sex, date of birth, name of company
Billing Address (es):
required: surname, first name, e-mail, country, city, first address, postal code, telephone number
Optional: company
Delivery Address (es):
required: surname, first name, e-mail, country, city, first address, postal code, telephone number
Optional: company
Personal information provided during email and telephone customer service
e-mail address, name, address (country, city, postal code, street, house number), telephone number and email received by Customer Service, other personal data and circumstances of the user or other person concerned.
Personal information provided during complaint handling:
a. the name and address of the consumer,
b. the place, the time and the way in which the complaint is put forward,
c. a detailed description of the consumer's complaint, a list of documents, documents and other evidence presented by the consumer,
d. the Data Controller's statement on the consumer's complaint regarding the complaint, if the complaint can be immediately investigated
Personal information provided during promotions, campaigns, and media appearences:
The personal data range is determined on a case-by-case basis as defined in the terms of participation of the particular promotion.
Personal information provided on the Facebook page below:
Comments and messages on k9harness.com Facebook page https://www.facebook.com/k9harness/
Personal information provided on https://www.k9harness.com/blog:
Comments and messages on www.k9harness.com/blog page
The goal of data management:
Registration on the website
online product sales,
documenting purchase and payment,
fulfillment of the accounting obligation,
identifying and contacting the user as buyer,
fulfillment of the ordered product (or service), invoice delivery,
the possibility of making payment, and the filtering of suspicious transactions during online payment.
Personal information provided during email and telephone customer service
The investigation and accurare documentation, or the accurate documentation of the telephone conversation which was conducted woth the telephone customer service in order to provide the Data Controller with the requests and comments that are related to the Data Controller's activities. Communication via email is archived so, for any subsequent issue or dispute, the information is available in its original form and, if necessary, in connection with the case, the Data Controller an contact the user.
Personal information provided during complaint handling:
The investigation and accurare documentation, or the accurate documentation of the telephone conversation which was conducted woth the telephone customer service in order to provide the Data Controller with the requests and comments that are related to the Data Controller's activities. Communication via email is archived so, for any subsequent issue or dispute, the information is available in its original form and, if necessary, in connection with the case, the Data Controller an contact the user.
Personal information provided during promotions, campaigns, and media appearences:
Conducting promotions, campaigns, and media appearances.
Personal information provided on the Facebook page below:
Consumers can send comments and messages to the Data Controller via Facebook. Data Controller or data processor which provides service to the Data Controller can answer questions and comments if necessary. (Facebook is not the official forum for dealing with consumer complaints.)
Personal information provided on https://www.k9harness.com/blog:
Consumers can send comments and messages to the Data Controller via k9harness.com/blog. Data Controller or data processor which provides service to the Data Controller can answer questions and comments if necessary. (k9harness.com/blog is not the official forum for dealing with consumer complaints.)
Data management duration
Registration on the website
until the performance of the contract,
Until the withdrawal of the consent of the person concerned, in the absence thereof
the Data Controller shall disclose the data 5 years after the date of purchase, on the basis of Ptk. §6:22. If the data is kept by the Data Controller under the Accounting Act, data will only be deleted by the Data Controller, irrespective of the consent of the data subject, 8 years after the user account has been terminated. Your contribution can be withdrawn at any time by sending a message to the info@k9g.eu e-mail address.
Personal information provided during email and telephone customer service
Until the withdrawal of the consent of the person concerned, in the absence of the withdrawal the Data Controller deletes the request, based on Ptk. §6:22, received by e-mail to the Customer Service on the date of its arrival to the Data Controller or after the telephone conversation after 5 years. Ha az adatokat az Adatkezelő a Számv. tv. alapján köteles megőrizni, akkor az adatokat az Adatkezelő az érintett hozzájárulásától függetlenül csak az ügy Adatkezelőhöz történő megérkezésének napját,vagy a telefonbeszélgetést követő 8 év múlva törli. Your contribution can be withdrawn at any time by sending a message to the info@k9g.eu e-mail address.
Personal information provided during complaint handling:
The Data Controller shall keep the incoming complaint and the copy of the reply for five years and present it to the control authorities upon request. If the Data is kept by the Data Controller under the Accounting Act, the Data Controller will only disclose the data, irrespective of the person concerned, 8 years after the complaint has been filed.
Personal information provided during promotions, campaigns, and media appearences:
The duration of the data processing is determined on a case-by-case basis as specified in the terms of participation of the promotion.
Personal information provided on the Facebook page below:
Unless the consent of the person concerned is withdrawn, the data that are processed by the Data Controller will be deleted, based on Ptk. §6:22, 5 years after the date of communication.
Personal information provided on https://www.k9harness.com/blog:
Unless the consent of the person concerned is withdrawn, the data that are processed by the Data Controller will be deleted, based on Ptk. §6:22, 5 years after the date of communication.
Legal basis for data handling
Registration on the website
In the case of online product sales the contribution of the concerned person on the basis of Information on Self-Determination Act Article 5 (1) (a) and Article 6 (1) (a) of the GDPR, and fulfillment of the contract on the basis of Article 6 (1) (b) of the GDPR, the documentation of the process of purchasing and payment, the fulfillment of the accounting obligation, and the fulfillment of the legal obligation during the process of the invoice declaration and payment on the basis of Article 6 (1) (c) of the GDPR and Article 169 (2) of the Accounting Act and Article 169 of the Vat Act, the contribution of the concerned person during the process of identifying the user as the customer and communicating with the customer and in fulfilling the order of the customer (both products or services) on the basis of Information on Self-Determination Act Article 5 (1) (a) and Article 6 (1) (a) of the GDPR and the fulfillment of the contract on the basis of Article 6 (1) of the GDPR, in case of the filtering of suspicious transactions on-line during the online payment method a legitimate interest on the basis of Article 6 (1) (f) of the GDPR.
Personal information provided during email and telephone customer service
The legal basis for managing the data handled in customer service activities is the contribution of the concerned person on the basis of the Information on Self-Determination Act Article 5 (1), Article 6 (1) (a) of the GDPR, and fulfillment of the contract on the basis of Article 6 (1) (b) of the GDPR, the fulfillment of a legal obligation under Article 6 (1) (c) of the GDPR and Article 17 (a) of the Consumer Protection Act.
Personal information provided during complaint handling:
The legal basis for managing data processed during complaint handling activities is the contribution of the concerned person on the basis of the Information on Self-Determination Act Article 5 (1), Article 6 (1) (a) of the GDPR, and fulfillment of the contract on the basis of Article 6 (1) (b) of the GDPR, the fulfillment of a legal obligation under Article 6 (1) (c) of the GDPR and Article 17 (a) of the Consumer Protection Act.
Personal information provided during promotions, campaigns, and media appearences:
The legal basis for handling the data processed during the promotional activity is defined in the data management prospectus attached to the promotion conditions of the promotion.
Personal information provided on the Facebook page below:
The contribution of the concerned person on the basis of the Information on Self-Determination Act Article 5 (1) and the Article 6 (1) (a) of the GDPR.
Personal information provided on https://www.k9harness.com/blog:
The contribution of the concerned person on the basis of the Information on Self-Determination Act Article 5 (1) and the Article 6 (1) (a) of the GDPR.
4. PROFILING
On the basis of the contribution of the concerned person, the Data Controller arries out profiling in order to provide bids tailored to your needs, wishes and interests. Bids can be sent by e-mail or displayed on the website. Profiling is any form of automated personal data processing that uses personal information to analyze or predict personal attributes associated with a user (eg personal preferences, interest, health, behavior, location, or mobility).
5. PERSONS ACCESS TO PERSONAL DATA
Data may be accessed by data processing marketing staff or by additional data processors named in this Prospectus for the purpose of performing their duties. For example, the system administrator of the Data Controller and the data processors named in this prospectus can access personal information for data processing and administrating.
The Data Controller uses the webanalitical service of Google Analytics, Google Adwords, Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) of Google LLC (1600 Amphitheater Parkway Mountain View CA 94043), which is a member of the EU-U.S. data protection shield (headquarters: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA). Webanalysis services also use cookies designed to help us analyze the use of online surfaces. The concerned person on the online surfaces, with a special and explicit consent to them, allows the information on the use of the online interface created by cookies to be transmitted to Google's US servers of Google Analytics and Google Adwords. The other managed cookies are stored on servers within the European Union. By providing a specific contribution on the website, the user agrees to collect and analyze his / her data in the manner and purposes specified above. The providers mentioned above use this information to evaluate, analyze, use and evaluate the use of online surfaces by the person concerned, to provide reports on activities carried out on online surfaces, and to provide other services related to activities and Internet use. More information can be found at the cookie info at k9harness.com.
6. TRANSMISSION OF DATA
6.1. Data related to purchases made on the Internet in connection with the realization of the online sale of goods as a data management objective are transmitted through the bank card acquirer network of Raiffeisen Bank Zrt. (1054 Budapest, Akadémia u. 6.) For the purpose of financial transaction execution, transaction security and transaction tracking. The data transferred is: surname, first name, delivery address, billing address, telephone number, e-mail address, payment transaction data.
6.2. When delivering products, the recipient's name, address, and order value are forwarded to the following recipients: Magyar Posta Zrt. (Headquarters: 1138 Budapest, Dunavirág street 2-6, idopontegyeztetes@posta.hu).
6.3. Your data will not be forwarded to a third party beyond the above. A third party or recipient will be forwarded to you if you are informed in advance of the potential recipient and after that you either give prior consent or otherwise require a law.
6.4. During this data management activity, we do not transmit personal data to third countries or to international organizations.
7. LINKS TO SOCIAL MEDIA SERVICES, TO EXTENSIONS OF SOCIAL MEDIA BROWSERS
The https://k9harness.com/ webpage of the Data Controller contains simple links to Facebook, YouTube, and g +. In such cases, only those data are transferred to those social media operators when you click on that icon (e.g. the "F" icon in the case of Facebook). When you click on that icon, the social media operator's page opens in the popup window. On these pages, you may post information about our products in accordance with the rules of the respective social media operator.
8. DATA SECURITY MEASURES
The Data Controller shall ensure the security of the data, take the technical and organizational measures and establish the procedural rules that ensure that the recorded, stored or managed data is protected and and prevents their destruction, unauthorized use and unauthorized alteration. It calls the attention of third parties, to whom the data of the concerned person have been transmitted, that they are required to comply with the requirement of data security.
The Data Controller shall ensure that unauthorized persons do not have access to disclose, transmit, and modify or delete them.
The Data Controller shall do its utmost to ensure that the data are not damaged or destroyed. The above commitment is also provided by the Data Controller to the employees of his or her data management activity or to the data processors acting on behalf of the Data Controller.
The data management computer systems and other data retention site of the Data Controller can be found on the own servers of K9 Gear Kft. As far as k9harness.com is concerned, it uses the services of SZERVER GÉP helye Kft. (CÍM).
In order to prevent unauthorized persons from accessing your data, the Data Controller secures personal data as follows and prevents unauthorized access: access to the server and computers is password protected.
9. PROVIDING INFORMATION ABOUT THE DATA PROTECTION INCIDENT
Data protection incident: damage to security which results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise treated. If the privacy incident is likely to pose a high risk to the rights and freedoms of natural persons, the Data Controller informs the data subject of the privacy incident without undue delay, in a clear and unambiguous manner.
The person concerned shall not be informed if any of the following conditions are met:
A) the Data Controller has implemented appropriate technical and organizational protection measures and applied those measures to the data covered by the data protection incident, in particular measures such as the use of encryption that make it impossible for persons who are unauthorized to access personal data to data;
B) after the data protection incident, the data controller has taken further action to ensure that the high risk for the rights and freedoms of the person concerned is no longer likely to be realized;
C) the information would require disproportionate effort. In such cases, the person concerned shall be informed by means of publicly disclosed information or a similar measure shall be taken to ensure that such information is equally effective.
10. THE RIGHTS OF PERSONS CONCERNED AND THEIR REMEDY OPPORTUNITIES
In addition to the rights set forth above for the use of the recordings, the persons concerned may exercise the following rights in connection with the processing of this prospectus:
The right to information and to access the handled personal data:
The persons concerned have the right to receive feedback from the Data Controller as to whether their personal data is being processed and, if such processing is in progress, the persons concerned have the right to have access to their personal information and the following information:
(a) the purposes of data management;
(b) the categories of personal data concerned;
(c) the categories of recipients or recipients with whom or which personal data will be communicated or disclosed, including in particular third country addressees or international organizations;
(d) in that particular case, the intended duration of the storage of personal data or, if this is not possible, the criteria for determining that period;
(e) the right of the persons concerned to request the Data Controller to correct, delete or restrict the personal data relating to them and protest against the handling of such personal data;
(f) the right to submit a complaint addressed to a supervisory authority;
(g) where data is not collected from the persons concerned, all available information on their source;
(h) the fact of the automated decision-making, including profiling and at least in such cases the logic used and the related information, how significant is the data management and the likely consequences of it for the person concerned.
Where personal data are transmitted to a third country or to an international organization, the data subject shall have the right to be informed about the appropriate guarantees for the transmission.
The Data Controller shall provide the persons concerned with a copy of the personal data subject to data processing. For additional copies requested by the persons concerned, the Data Controller may charge a reasonable fee based on administrative costs. If the persons concerned submitted the request electronically, the information will be provided by the Data Controller in a widely used electronic format, unless otherwise requested by the persons concerned.
The right to request a copy referred to in the preceding paragraph shall not adversely affect the rights and freedoms of others.
Rights under these rights may be exercised through the contact points indicated in point I above.
The right to correction:
At the request of the person concerned, the Data Controller corrects inaccurate personal data for the person concerned without undue delay. Taking into account the purpose of the data handling, the person concerned has the right to request the supplementation of his incomplete personal data, including by means of a supplementary statement.
Right to delete ("forgetting"):
In the case of any of the following reasons, the person concerned shall have the right, at his request, to delete the personal data relating to him without undue delay:
(a) personal data are no longer required for the purpose from which they have been collected or otherwise treated;
(b) the person concerned withdraws his consent for data controlling and does not have any other legal basis for data processing;
(c) the person concerned is objecting to data handling and has no prior legitimate reason for data handling or where data processing is related to direct business acquisition;
(d) the personal data has been unlawfully handled;
(e) the personal data are to be deleted in order to comply with the legal obligation imposed on the Data Controller in the law of the Union or Member States;
(f) the collection of personal data in connection with the provision of information society services.
Deleting data can not be initiated if data management is required:
(a) to exercise the right to freedom of expression and information;
(b) the fulfillment of obligations under the law of the Union or of Member States applicable to the Data Controller for the processing of personal data or for reasons of public interest;
(c) for the purposes of preventive health or workplace health, assessment of the worker's ability to work, medical diagnosis, health or social care or treatment, or the management of health or social systems and services, under a contract concluded with a healthcare professional under EU or Member data is handled by a professional or under the responsibility of a professional who is subject to professional secrecy imposed by Union or national law or by the rules established by the competent authorities of the Member States, or by another person who is also subject to the obligation of secrecy imposed by Union or national law or by the rules laid down by the competent authorities of the Member States;
(d) due to public interest in the area of public health, such as the protection against serious cross-border health threats or the provision of high quality and safety of healthcare, medicines and medical devices and subject to EU or Member State law, that provides for appropriate and concrete measures to safeguard the rights and freedoms of the person concerned and, in particular, professional secrecy;
(e) on the basis of the public interest in the field of public health, and if the handling of this data is managed by professionals or are conducted under the responsibility of professionals who are subject to the professional secrecy obligation laid down by Union or national law or by the rules established by the competent bodies of the Member States, or by another person who is also subject to the obligation of secrecy imposed by Union or national law or by the rules laid down by the competent authorities of the Member States;
(f) archiving due to public interest, for scientific and historical research purposes or for statistical purposes, provided that the right to cancel would likely make it impossible or seriously compromise this data management; or
g) to submit, enforce or protect legal claims.
Right to Restrict Data Management:
Upon request of the concerned person, the Data Controller restricts the processing of data if one of the following conditions is met:
(a) the person concerned disputes the accuracy of the personal data; in this case, the restriction concerns the period of time that the person concerned can verify the accuracy of the personal data;
(b) data handling is unlawful and the person concerned is opposed to the deletion of the data and, instead, requests that they be restricted;
c) the Data Controller no longer needs personal data for data processing, but the person concerned requires them to submit, enforce or protect legal claims; or
d) the data subject has objected to data handling in the public interest or legitimate interest of data controller; in this case, the restriction applies to the duration of determining whether the Data Controller's legitimate reasons prevail over the legitimate grounds of the person concerned.
If the processing of data is restricted according to the above, such personal data may only be disclosed with the consent of the person concerned or the presentation, enforcement or protection of legal rights or the protection of the rights of a natural or legal person or of the public interest of the Union or of a Member State can be handled.
The Data Controller informs the data subject whose request has restricted the data management on the basis of the above, informing him in advance of the discontinuation of the limitation of data management.
Right to data storage:
The data subject shall have the right to receive personal data made available to him by the Data Controller in a fragmented, widely used machine-readable format and shall be entitled to transmit this data to another data controller without this being hampered by the Data Controller, provided personal data when:
(a) the processing of data is based on either contribution or contract; and
(b) data management is carried out in an automated manner.
In exercising the right to carry the data as described above, the data subject has the right to request, if technically feasible, the direct transfer of personal data between data controllers.
The exercise of the right to data storage shall be without prejudice to the right to delete ("forgetting"). This right does not apply if the data processing necessary for carrying out the tasks is of public interest or the data controller has the authority to grant public authority.
The right to data storage should not adversely affect the rights and freedoms of others.
Right to protest:
The data subject is entitled to object to the processing of his or her personal data by the Data Controller at any time when the legal basis for data processing is in the public interest or in the performance of a public authority exercised on the Data Controller or in the need to enforce the legitimate interests of the Data Controller or a third party, including profiling based on those provisions. In this case, the Data Controller may not process personal data unless it proves that data management is justified by legitimate reasons of enforceability that are of priority to the interests, rights and freedoms of the data subject, or which relate to the submission, validation or protection of legal claims.
If your personal data is handled for direct business, the person is entitled to object at any time to the handling of personal data relating to that purpose, including profiling, if it is related to direct business acquisition. If a person objects to the personal data being handled for direct business purposes, personal data may no longer be handled for that purpose.
If the personal data are handled for scientific and historical research purposes or for statistical purposes, the data subject is entitled to object to the processing of personal data relating to his / her own personal situation, unless it is necessary for the performance of a task for public interest purposes.
Right of Withdrawal:
The data subject is entitled to withdraw his consent at any time in case the process of data managing carried out by the Data Controller is based on the consent of the data subject. Revocation of the contribution does not affect the lawfulness of the consent based on consent, prior to the withdrawal.
Procedure in case of a request for access to the above rights:
The Data Controller informs the affected person of undue delay, but in any event within one month from the receipt of the request, of the actions taken by the interested party regarding the exercise of the rights set out in this Prospectus. If necessary, taking into account the complexity of the application and the number of applications, this deadline may be extended by two additional months.
The Data Controller shall inform the person concerned of the extension of the deadline by indicating the reasons for the delay. If the concerned electronic application is submitted, the information will be provided electronically, unless otherwise requested by the data subject.
If the Data Controller fails to take action upon the request of the concerned party, he shall inform the data subject without delay and within one month of the receipt of the request for reasons of non-action and whether he may file a complaint with a supervisory authority and exercise his right of judicial redress.
The Data Controller shall provide the requested information and information free of charge, provided that the claim of the person concerned is manifestly unfounded or, in particular, due to its repetitive nature, the Data Controller may charge a reasonable amount for the administrative costs incurred by providing the requested information or information or by taking the requested action, or refuse to take action on request.
The Data Controller informs all recipients of all corrections, cancellations, or restrictions on data handling with which he or she has communicated personal data, unless this proves impossible or requires disproportionate effort. At the request of the data subject, the Data Controller informs them.
11. DATA PROCESSING
The Data Controller uses the Data Processor named in this Prospectus for the performance of its activities. The Data Processor does not take a stand-alone decision, it is only entitled to proceed according to the contract with the Data Controller and the instructions received. The Data Controller checks the work of the Data Processor. The Data Processor is entitled to use the additional Data Processor only with the prior written consent of the Data Controller.
Data Processor:
Next Audit Kft. (1037 Budapest, Bokor street 9-11)
What personal information does he have access to? How can he use the received personal data (what kind of activity does he perform for the Data Controller)?
Accounting, auditorial and tax expert activites, bookkeeping
For how long time can he store the data?
until the termination of the contract, until the obligation of legal certifying duties exists
The Data Processor does not take a stand-alone decision, it is only entitled to proceed according to the contract with the Data Controller and the instructions received. The Data Controller checks the work of the Data Processor. The data processor is entitled to use the additional data processor only with the prior written consent of the Data Controller.
12. PERSONAL DATA ON CHILDREN AND THIRD PARTIES
Persons under the age of 16 can not provide personal data, unless they have been asked for permission from a parent who has parental responsibility. By declaring your personal data to the Data Controller and guaranteeing that you are doing so, your ability to act on the provision of information is not limited.
If you are not legally entitled to provide any personal data, you are required to obtain the consent of the third parties concerned (eg. legal representative, guardian, other person, such as a consumer, acting on behalf of you) or provide a different legal basis for the disclosure. In this context, you must either consider whether or not a third party's consent is required in relation to the provision of the personal data concerned. The Data Controller may not be contacted with you personally, so you are required to comply with this clause and the Data Controller will not be liable to you in this context. Regardless of this, the Data Controller is always entitled to check whether the appropriate legal basis for handling a personal data is available. For example, if you are acting on behalf of a third party, such as a consumer, we have the right to request your consent and / or the relevant data management consent of the person concerned for the particular case.
The Data Controller will do its utmost to delete any personal data that has been unlawfully made available to him. The Data Controller ensures that, if this date become learnt by him, this personal data is not transmitted to any other person or used by the Data Controller. Please get in contact with us immediately at our contact details specified in point 13 if you become aware of the fact that a child has made unauthorized access to personal data for the Data Controller or a third person disclosed your personal data for the Data Controller.
13. CONTACT DATA
Please contact info@k9g.eu or write a letter to our postal mailing address, 2310 Szigetszentmiklós, Bajcsy-Zsilinszky Street 43/A, if you have any questions or requests in connection with your personal data stored in the system and data management. Please keep in mind that, in your interest, we are only able to provide you with information about the management of your personal data or to take action if your identity is credible.
Your Remedy Opportunities*:
A) The Data Controller is contactable at the contact details specified above in this Prospectus in case of any questions and remarks in connection with data management.
B) You may initiate an investigation at the National Data Protection and Information Authority by filing a notice of the existence of a violation of law or a direct threat to your personal data; and
C) If the rights of data subject are violated, you may file a claim against the Data Controller. In this case, the court acts on the matter promptly. The Data Controller must demonstrate that data management is in compliance with the law. The trial is governed by the jurisdiction of the court. The case, according to the choice of the person concerned, may be initiated in front of the court of the domicile or place of residence of the person concerned.
*Personal data for public interest archiving, for scientific and historical research purposes or for statistical purposes, shall be subject to appropriate safeguards to protect the rights and freedoms of the data subject. These guarantees must ensure that technical and organizational measures are in place to ensure in particular with the principle of data saving. Such measures may include pseudonymisation if the above-mentioned objectives can be achieved in this way. If these goals can be achieved by further managing of data in such a way that it does not or does not anymore allow identification of the persons concerned, the objectives should be achieved in this way.