PRIVACY

Aylashe's Privacy Policy

The protection of your privacy is very important to us. We therefore observe the relevant data protection regulations of the Basic Data Protection Ordinance (DSGVO) and the Federal Data Protection Act (BDSG) in the version valid from 25.05.2018. With the following notes we would like to inform you about the processing of your personal data in connection with the use of our internet presence.

Content:
Name and contact details of the responsible office
Cookies
Collection and storage of personal data; nature, purpose and use
Legal basis of the processing
Transfer of data to third parties
Data erasure and storage duration
Your rights as a data subject
Data security
Up-to-dateness and modification of this privacy policy
Name and contact details of the responsible body

1. this data protection notice applies to data processing by

AYLASHES
Jura road 60
70565 Stuttgart

as the responsible body.

2. cookies
We use cookies. Cookies are text files which are stored on a computer system via an internet browser.

Numerous internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identification of the cookie. It consists of a string of characters which can be used to assign Internet pages and servers to the specific Internet browser in which the cookie was stored. This enables the Internet pages and servers visited to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified by means of the unique cookie ID.

The use of cookies enables us to provide you with user-friendly services when using this website, which would not be possible without the setting of cookies.

By means of a cookie, the information and offers on our website can be optimised in your interest. As already mentioned, cookies enable us to recognize you when you use our website. The purpose of this recognition is to make it easier for you to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, because this is done by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping cart in the online shop. The online shop uses a cookie to remember the articles that a customer has placed in the virtual shopping cart.

You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common internet browsers. If you deactivate the setting of cookies in the Internet browser used, it is possible that not all functions of our website can be used to their full extent.

3. collection and storage of personal data; nature, purpose and use

3.1 Access to the website
When you call up our website, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored as so-called "server log files". The following information is recorded without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer;
  • Date and time of access;
  • name and URL of the retrieved file;
  • website from which the access takes place (referrer URL);
  • browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The above-mentioned data are processed for the following purposes:

  • To ensure a smooth connection of the website;
  • Ensuring a comfortable use of our website;
  • evaluation of system security and stability.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest follows from the above listed purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

3.2 Contact via our website
For inquiries of any kind, we offer you the possibility to contact us via a button set up on our website. In connection with contacting us, your name as well as your e-mail address, which we need in order to answer your request, will be transmitted regularly. In the context of your inquiry, you may voluntarily provide us with further personal data, in particular the context of your inquiry, your telephone number or your address. The data processing in connection with your contact is carried out in accordance with § 6 para. 1 sentence 1 lit. a DSGVO on the basis of your voluntary consent for the purpose of processing your enquiry. The personal data collected by us will be deleted after completion of your inquiry. Your data will not be passed on to third parties.

3.3 Establishing contact via social networks
We also offer you the possibility to send us your requests via social networks (Facebook, Instagram and Pinterest). Such contact is only possible if you have an account in the respective social network and are logged in with your account at the time of contact in this network. We would like to point out that during registration and login to Facebook, Instagram or Pinterest, extensive personal data is collected, stored and processed by them. We have no influence whatsoever on the collection of data by Facebook, Instagram and Pinterest. The responsibility for data protection compliant operation is to be guaranteed by their respective providers. Details of the data protection regulations of the individual providers can be found under the following links:

Facebook: https://www.facebook.com/about/privacy/Faceboo
Instagram: https://www.instagram.com/about/legal/privacy/

In the context of your inquiry, you may voluntarily provide us with your personal data, in particular the context of your inquiry, your telephone number or your address. The data processing in connection with your contact is carried out in accordance with § 6 para. 1 p. 1 lit. a DSGVO on the basis of your voluntary consent for the purpose of processing your enquiry. The personal data collected by us will be deleted after completion of your inquiry. For the storage of this data by Facebook, Instagram and Pinterest, the respective data protection regulations of the respective providers apply, which can be accessed via the links listed above.

3.5 Contactingyouvia WahtsApp
In some cases, communication with you can be done via the message service WhatsApp WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Already by storing your telephone number on a mobile device on which WhatsApp is installed, WhatsApp Inc. receives personal data (especially meta data of the communication), which is also processed on servers in countries outside the EU (e.g. USA). WhatsApp passes this data on to other companies within and outside the Facebook group of companies. We have no influence on the collection, processing and storage of this data. WhatsApp is responsible for ensuring that its operations comply with data protection regulations. Information on WhatsApp's privacy policy can be found at https://www.whatsapp.com/legal/.

WhatsApp will only contact you with your express consent. If you do not give such consent, your telephone number will not be stored on our mobile devices to prevent data transmission to WhatsApp. If you contact us yourself via WhatsApp, we will consider this as consent. Your consent can of course be revoked at any time. Revocation does not affect the lawfulness of the processing that has taken place on the basis of the consent until revocation.

3.6 Registration as a customer
You have the possibility to register as a customer on our website, for example to place orders via our shop. For this purpose, you must set up a password-protected customer account by providing personal data. During such a registration you will be asked to provide the following mandatory data:

  • e-mail address;
  • first name;
  • last name;
  • password;
  • Confirmation of age over 18 years

Furthermore, a user name, a so-called "display name", is automatically assigned during registration. You can change this name at any time by entering it in your user account. The display name will be visible to all visitors to our website if you give reviews of our products.

When you register, the IP address assigned by your Internet Service Provider (ISP), the date and time of registration are also stored. The storage of this data is carried out against the background that this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of any criminal offences committed. In this respect, the storage of this data is necessary for our security. As a matter of principle, this data will not be passed on to third parties, unless there is a legal obligation to do so or the passing on of the data serves criminal prosecution.

Your registration with voluntary disclosure of personal data serves to offer you content or services which, due to the nature of the matter, can only be offered to registered users (for example, overview of your orders and submission of ratings). You are free to change the personal data provided during registration at any time or to have it completely deleted from our database.

3.7 Ordering process
All data that you enter in the course of order processing is stored. These are:

  • Your gender;
  • name, first name;
  • company name (optional);
  • e-mail address;
  • address;
  • Phone number

Those data, which are absolutely necessary for delivery or order processing, are passed on to third service providers. Your data may be passed on to the following service providers in this context:

Delivery services etc..
Furthermore, we collect in the course of the ordering process the payment method you choose (advance bank transfer or PayPal).

In order to enable you to pay conveniently with PayPal, we have integrated components of PayPal on our website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the possibility of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also assumes trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If you select "PayPal" as payment option during the ordering process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of your personal data required for the payment process.

The personal data transmitted to PayPal is usually your first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data necessary for the payment processing. For the processing of the purchase contract, such personal data is also necessary in connection with the respective order.

The transmission of the data is intended for payment processing and fraud prevention. We will transmit PayPal personal data in particular if there is a legitimate interest for the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness.

PayPal may share personal data with affiliated companies and service providers or subcontractors to the extent necessary to fulfil contractual obligations or if the data is to be processed under contract.

You have the possibility to revoke your consent to PayPal to process personal data at any time. A revocation does not affect personal data that must be processed, used or transmitted for the (contractual) handling of payments.

PayPal's applicable data protection regulations can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

3.8 Subscription to our newsletter
You have the possibility to subscribe to our newsletter. To do so, you must provide your first name and your e-mail address. Your first name is only used for the purpose of a personal address in the newsletter.

With the newsletter we inform our customers about our offers at regular intervals. The newsletter can only be received by you if (1) you have a valid e-mail address and (2) you register for the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address you entered for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation mail is used to check whether you, as the owner of the e-mail address entered, have authorized the receipt of the newsletter.

When registering for the newsletter, we also save the IP address assigned by the Internet Service Provider (ISP) of the computer system you are using at the time of registration as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of your e-mail address at a later date and therefore serves as a legal safeguard.

The personal data collected during registration for the newsletter is transmitted to an external service provider, XY, which enables us to send our newsletter. XY uses your personal data exclusively for the fulfilment of the data processing assigned to him, namely for the dispatch of the newsletter. XY is contractually obliged to ensure a level of data security which corresponds to the level of data security guaranteed by us. All processed data are subject to our control. The subscription to our newsletter can be cancelled at any time. Consent to the storage of personal data, which you have given us for sending the newsletter, can be revoked at any time. For the purpose of revoking your consent, you will find a corresponding link in every newsletter. The legality of the processing of data based on the consent given until the revocation is not affected by the revocation.

3.9 Newsletter tracking
Our newsletters contain so-called tracking pixels. A tracking pixel is a thumbnail graphic embedded in e-mails sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. By means of the embedded pixel-code, we can identify whether and when an e-mail was opened by you and which links in the e-mail were accessed by you.

Such personal data collected via the pixel-code contained in the newsletters is stored and evaluated by us in order to optimise newsletter dispatch and to adapt the content of future newsletters even better to your interests. You are entitled at any time to revoke the separate declaration of consent issued in this regard using the double opt-in procedure. After a revocation, this personal data will be deleted by us. We automatically interpret a cancellation of the receipt of the newsletter as a revocation.

3.10 Use of Facebook and Instagram
Due to our legitimate interest in the optimization and operation of our online offer, we offer you the opportunity on our website, based on Art. 6 para. 1 p. 1 lit. f DSGVO, to access our Facebook or Instagram page by clicking on the corresponding links. You can recognise the two links by two buttons integrated on our website with the Facebook and Instagram logos. The responsibility for data protection compliant operation must be guaranteed by their respective providers. The integration of these buttons by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way.

3.10.1 Facebook
Clicking on the Facebook button opens a new browser tab or window with Facebook and you will automatically be taken to our Facebook page. Here, information (including your IP address) from your browser is transmitted directly to a Facebook server and stored there. If you are logged in to your Facebook account during your visit to this website, the information mentioned above will be linked to this account. If you do not want this to happen, you must log out of Facebook before clicking the Facebook button on our website.

Which data, for what purpose and to what extent Facebook collects, uses and processes, and which rights and setting options you have to protect your privacy, can be found in the Facebook privacy policy. You can find these here: https://www.facebook.com/about/privacy/Facebook

You can also use your Facebook profile to make further settings for data processing for advertising purposes or to object to the use of your data for advertising purposes. You can access the settings here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Cookie deactivation page of the US website: http://optout.aboutads.info/?c=2#!/

Cookie deactivation page of the European website: http://optout.networkadvertising.org/?c=1#!/

Facebook Inc. complies with European data protection law and is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

3.10.2 Instagram
Clicking the Instagram button will open a new browser tab or window with Facebook and you will automatically be taken to our Instagram profile.

If you are logged in to Instagram at the same time, Instagram will recognize your account, assign the transferred data to it, save and process it.

If you do not want the data to be transferred to Instagram, you can prevent the transfer by logging out of your Instagram account before clicking the Instagram button.

Further information and Instagram's applicable privacy policy can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

3.11 Use and application of Google Analytics (with anonymization function)
We use Google Analytics (with anonymization function). Google Analytics is a web analysis service. Web analysis is the collection, collection and evaluation of data on the behaviour of visitors to websites. Among other things, a web analysis service collects data about which website a user came to a website from (so-called referrers), which sub-pages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and for cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

We use the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this addition, the IP address of your Internet connection is shortened and made anonymous by Google if our website is accessed from a member state of the European Union or from another state that is a party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us which show the activities on our website and to provide further services in connection with the use of our website.

Google Analytics places a cookie on your information technology system. What cookies are has already been explained above. By setting the cookie, Google is able to analyse the use of our website. Each time you call up one of the individual pages of this website, the Internet browser on your information technology system is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. Within the scope of this technical procedure, Google receives knowledge of personal data, such as your IP address, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements.

By means of the cookie, personal information such as the access time, the location from which an access originated and the frequency of your visits to our website is stored. Whenever you visit our website, this personal data, including your IP address, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

You may refuse the use of cookies by our website, as described above, at any time by selecting the appropriate settings on your internet browser, thus permanently rejecting the use of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on your information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, you have the possibility to object to the collection of data generated by Google Analytics and relating to the use of this website, as well as to the processing of this data by Google, and to prevent such a collection. To do this, you must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as a contradiction. If your information technology system is deleted, formatted or reinstalled at a later date, the Browser Add-On must be installed again in order to deactivate Google Analytics. If the Browser Add-On is uninstalled or deactivated, you have the option of reinstalling or reactivating the Browser Add-On.

Further information and Google's applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.

3.12 Application and use of Google AdWords
We use Google AdWords. Google AdWords is an internet advertising service that allows advertisers to display ads in Google's search engine results as well as in the Google advertising network. Google AdWords allows an advertiser to predefine keywords that will cause an ad to appear in Google's search results only when the user uses the search engine to retrieve a keyword relevant search result. In the Google advertising network, the ads are distributed to topic-relevant websites by means of an automatic algorithm and in accordance with the keywords previously defined.

The operating company of the Google AdWords services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertising on the Internet pages of third-party companies and in the search engine results of the Google search engine and by displaying third-party advertising on our website.

If you reach our website via a Google ad, a so-called conversion cookie is stored on your information technology system by Google. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used for your identification. If the cookie has not expired, the conversion cookie is used to determine whether certain sub-pages, for example the shopping cart from an online shop system, have been called up on our website. The conversion cookie enables both we and Google to track whether a person who reached our website via an AdWords ad generated sales, i.e. whether he or she completed or abandoned a purchase.

The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users that were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive any information from Google that could be used to identify you.

The conversion cookie is used to store personal information, such as the websites you visit. Accordingly, each time you visit our website, personal data, including your IP address, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

You may refuse the use of cookies by our website, as described above, at any time by selecting the appropriate settings on your internet browser, thus permanently rejecting the use of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on your information technology system. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

Furthermore, you have the opportunity to object to interest-based advertising by Google. To do so, you must access www.google.de/settings/ads from any of the Internet browsers you use and make the desired settings there.

Further information and Google's applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy/.

4 Legal basis of the processing
Art. 6 I lit. a DS-GVO serves us as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services. If we are subject to a legal obligation which makes it necessary to process personal data, for example to fulfil tax obligations, processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company was injured and his or her name, age, health insurance details or other vital information had to be disclosed to a doctor, hospital or other third party. The processing would then be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations which are not covered by any of the above legal bases are based on this legal basis if the processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 sentence 2 DS-GVO).

5. disclosure of data to third parties
Your personal data will not be transferred to third parties for purposes other than those described below. We only pass on your personal data to third parties if:

you have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
in the event that there is a legal obligation to disclose your data pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO, and
this is legally permissible under Art. 6 para. 1 sentence 1 lit. b DSGVO for the processing of contractual relationships with you is required.

6. data deletion and storage period
The personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to store the data further for the purpose of concluding or fulfilling a contract.

The criterion for the duration of storage of personal data is the respective legal retention period (e.g. tax regulations). After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment or initiation of a contract.

7. your rights as a data subject
As a data subject, you are entitled to various rights:

7.1 Right to confirmation
Every data subject has the right, granted by the European Directives and Regulations, to obtain confirmation from the controller as to whether personal data relating to him are being processed. If you wish to exercise this right of confirmation, you can contact us at any time.

7.2 Right to information
Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to obtain at any time and free of charge from the controller information on the personal data stored in relation to him or her and a copy thereof. Furthermore, the European Directive and Regulation Giver has granted the data subject access to the following information:

  • the purposes of the processing;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
  • if possible, the envisaged duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration;
    the existence of a right of rectification or erasure of personal data relating to them or of a right of objection to their processing by the controller;
  • the existence of a right of appeal to a supervisory authority;
  • where the personal data are not collected from the data subject: any available information concerning the origin of the data;
  • the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the DPA and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

Furthermore, the data subject has the right to be informed whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in relation to the transfer.

If you wish to exercise this right of access, you can contact us at any time.

7.3 Right of rectification
Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to request the immediate rectification of incorrect personal data concerning him/her. The data subject also has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

If you wish to exercise this right of rectification, you can contact us at any time.

7.4 Right of cancellation (right to be forgotten)
Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to obtain from the controller the immediate erasure of personal data relating to him/her, where one of the following reasons applies and provided that the processing is not necessary:

the personal data have been collected or otherwise processed for purposes for which they are no longer necessary
The data subject withdraws the consent on which the processing was based pursuant to Article 6(1)(a) of the DPA or Article 9(2)(a) of the DPA, and there is no other legal basis for the processing.
The data subject lodges an objection to the processing pursuant to Article 21(1) DPA and there are no overriding legitimate reasons for the processing, or the data subject lodges an objection to the processing pursuant to Article 21(2) DPA.
The personal data were processed unlawfully.
The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data were collected in relation to information society services offered in accordance with Article 8 (1) DS-GVO.
If one of the above reasons applies and you wish to have personal data stored by us deleted, you can contact us at any time. We will comply with the request for deletion without delay.

If the personal data have been made public by us and our company, as the person responsible, is obliged to delete the personal data in accordance with Art. 17 (1) DS-GVO, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other persons responsible for data processing who process the published personal data that you have requested these other persons responsible for data processing to delete all links to these personal data or copies or replications of these personal data, insofar as the processing is not necessary.

7.5 Right to limit the processing
Any person affected by the processing of personal data has the right, granted by the European Directive and Regulation Giver, to request the controller to limit the processing if one of the following conditions is met:

the accuracy of the personal data is contested by the data subject, for a period of time sufficient to enable the controller to verify the accuracy of the personal data
The processing is unlawful, the data subject refuses to have the personal data deleted and instead requests the restriction of the use of the personal data.
The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to assert, exercise or defend legal claims.
The data subject has lodged an objection to the processing in accordance with Article 21 (1) of the DPA and it is not yet clear whether the legitimate reasons given by the controller outweigh those of the data subject.
If one of the above-mentioned conditions is met and you wish to request the restriction of personal data stored by us, you can contact us at any time. We will arrange for the restriction of the processing.

7.6 Right to data transferability
Every person concerned by the processing of personal data has the right, granted by the European Directives and Regulations, to receive the personal data concerning him/her which have been provided by the data subject to a controller in a structured, common and machine-readable format. He/she also has the right to have this data communicated to another controller without hindrance by the controller to whom the personal data has been made available, provided that the processing is based on the consent pursuant to Art. 6(1)(a) DPA or Art. 9(2)(a) DPA or on a contract pursuant to Art. 6(1)(b) DPA and that the processing is carried out by means of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising their right to data transferability in accordance with Art. 20 Paragraph 1 FADP, the data subject has the right to obtain that personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

You can contact us at any time to assert your right to data transfer.

7.7 Right of objection
Every person concerned by the processing of personal data has the right, granted by the European legislator for directives and regulations, to object at any time, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her that is carried out on the basis of Article 6(1)(e) or (f) of the DPA. This also applies to profiling based on these provisions.

In the event of an objection, we no longer process the personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims.

If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for the purposes of direct marketing, your personal data will no longer be processed for those purposes.

You can contact us at any time to exercise your right to object. You are also free to exercise your right of objection in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures involving technical specifications.

7.8 Automated decisions in individual cases including profiling
Every person concerned by the processing of personal data has the right, as granted by the European Directives and Regulations, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is authorised by Union or national legislation to which the controller is subject and that such legislation provides for adequate safeguards of the rights and freedoms and legitimate interests of the data subject, or (3) is taken with the explicit consent of the data subject.

If the decision is (1) necessary for the conclusion or performance of a contract between you and us, or (2) with your express consent, we shall take appropriate measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of the controller, to present his point of view and to challenge the decision.

If you wish to assert rights relating to automated decisions, you can contact us at any time.

7.9 Right to revoke a data protection consent
Every person affected by the processing of personal data has the right, granted by the European Directive and Regulation Giver, to revoke his or her consent to the processing of personal data at any time.

If you wish to exercise your right to withdraw your consent, you can contact us at any time.

7.10 Right of complaint
Any person affected by the processing of personal data has the right to complain to the supervisory authority responsible for the controller, for example if he/she considers that the controller is processing his/her personal data unlawfully. The authority responsible is:

Baden-Württemberg State Commissioner for Data Protection and Freedom of Information

Königstr. 10 a, 70173 Stuttgart
Phone: 0711 615541-0
fax: 0711 615541-15
E-mail: poststelle@lfdi.bwl.de
Web: www.baden-wuerttemberg.datenschutz.de

9. data security
We use the common SSL (Secure Socket Layer) procedure within the website visit in connection with the highest encryption level supported by your browser. As a rule, this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

10th topicality and amendment of this data protection declaration
This data protection declaration is currently valid and has the status of May 2018. Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on our website at https://www.aylashes.de/datenschutzbelehrung.