1. Definitions
This data protection declaration is based on the terms used by the European legislation for the adoption of the General Data Protection Regulation (“GDPR”). This data protection declaration should be legible and understandable for the general public, as well as customers and business partners. To ensure this, please see the following explanation of the terminology used.
In this data protection declaration, we use, among others, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
f) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
g) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
h) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
i) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
j) Consent
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Contact Details of the Controller
In case of questions or comments concerning this Privacy Policy, please contact the person and/or company by e-mail or by post to the contact data listed in the imprint.
3. Processor
In some cases, external service providers may be used who are bound by instructions to process your data. These are carefully selected, commissioned and regularly checked. The contracts are based on data processing agreements in accordance with Art. 28 GDPR. The processor does not process the data independently for his own purposes.
4. Legal Basis for Processing of Your Data
If the legal basis is not listed in the Privacy Policy, the following applies:
- Insofar as the data subject provides consent for processing, Art. 6 para. 1 sentence 1 lit. a) GDPR is the legal basis;
- In case of processing of personal data necessary for the fulfillment of a contract, the legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR;
- Insofar as processing of personal data is necessary for the fulfillment of a legal obligation, the legal basis is Art. 6 para. 1 sentence 1 lit. c) GDPR;
- In the event that vital interests of the data subject or of another natural person require a processing of personal data, the legal basis is Art. 6 para. 1 sentence 1 lit. d) GDPR;
- If processing is necessary to safeguard legitimate interests of our company or of a third party and if the interests, basic rights, and basic freedoms of the data subject do not outweigh these legitimate interests, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR.
5. Retention periods
The data processed by Trustworthy Picks is erased or its processing is restricted in compliance with statutory requirements, in particular Art. 17 and 18 GDPR. Unless expressly stated otherwise within the scope of this Privacy Policy, Trustworthy Picks erase stored data as soon as such is no longer required for the intended purpose. Data will be retained beyond the time at which the purpose ends only if such data is necessary for other, legally permissible purposes or if the data must continue to be retained due to statutory retention periods. In these cases, processing is restricted, i.e. it is blocked, and will not be processed for other purposes.
6. Server log data
The website collects a series of general data and information when a data subject (user) or automated system calls up the website. This general data and information are stored in the server log files. This includes:
- the browser types and versions used;
- the operating system used by the accessing system;
- the website from which an accessing system reaches our website (so-called referrers);
- the sub-websites;
- the date and time of access to the Internet site;
- an Internet protocol address (IP address);
- the Internet service provider of the accessing system, and
- any other similar data and information that may be used in the event of attacks on Trustworthy Picks information technology systems.
The data is stored on Trustworthy Picks servers. This data is not stored together with other personal data except those stated above. When using these general data and information, Trustworthy Picks do not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of the website correctly, (2) ensure the long-term viability of information technology systems and website technology, and (3) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, Trustworthy Picks analyze anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data processed.
The legal basis of the above data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR.
7. Rights of the data subject
Pursuant to statutory provisions, you can assert the following rights vis-à-vis the data processing controller free of charge:
- Right to access by the data subject (Art. 15 GDPR);
- Right to rectification and erasure (Art. 16 and Art. 17 GDPR);
- Right to restriction of processing (Art. 18 GDPR);
- Right to data portability (Art. 20 GDPR);
- Right to object (Art. 21 GDPR).
You also have the right to complain to a data protection supervisory authority concerning the controller’s processing of your personal data.
8. Links to third-party websites
The website may contain links to third-party websites. If you follow a link to one of these websites, please note that these offers have their own data protection policies and that the domain owner is not controller for such processing. Please review each privacy policy before disclosing personal information to those controllers.