General Data Protection Policy
of  
bardusch Group 

General Data Protection Policy for Consent to the Processing of Personal Data 
(General Data Protection Policy) 

Postal address 

PO Box 100105
76255 Ettlingen 

Tel. +49 7243 707 1000
Fax +49 7243 707 1104

www.bardusch.de 
[email protected]

Company address

Pforzheimer Straße 48
D-76275 Ettlingen

Contents

1. Purpose and objectives

2. Scope and responsibilities

3. Key terms and abbreviations

4. Legal basis for the processing of personal data

5. Principles

    5.1 Legality, good faith and transparency
    5.2 Earmarking 
    5.3 Data minimisation
    5.4 Complete content, accuracy and up-to-date content
    5.5 Storage limitation
    5.6 Integrity
    5.8 Availability
    5.9 Accountability
    5.10 Resilience

6. Processing activities

    6.1Categories of personal data
    6.2 Origin of personal data
    6.3 Storage periods
    6.4 Legal bases for the processing
    6.5 Processing purposes
    6.6 Risk assessment for data protection consequences
    6.7 Data forwarding
    6.8 Technical and organisational measures
    6.9 Monitoring and continual improvement
    6.9.1 Dealfront
    6.9.2 Google Ads
    6.10 Processing location
    6.11 Data subjects’ rights
        6.11.1 Right to information
        6.11.2 Right to rectification
        6.11.3 Right to restriction of processing
        6.11.4 Right to erasure
        6.11.5 Right to notification
        6.11.6 Right to data portability
        6.11.7 Right to object
        6.11.8 Right to withdraw the data protection law declaration of consent
        6.11.9 Right to not subject to an automatic decision
        6.11.10 Right to lodge a complaint with a supervisory authority

7. Supervisory authority

8. Data protection officer

1. Purpose and objectives 

The protection of natural persons in the processing of personal data is a fundamental right. The bardusch Group (bardusch) is committed to upholding this fundamental right and therefore the legal requirements. 

Thanks to its dedicated and expert employees and business partners, bardusch has been bringing personal protection, legal security, strong cost savings and the highest quality to the textile management of successful companies in Germany and Europe for more than 145 years. bardusch depends on the trust that customers, suppliers, employees and the public place in us. The reputation of bardusch is largely characterised by the manner, actions and conduct of each individual employee. 

Data protection therefore has the highest priority in our daily actions. This applies to the security of all personal data entrusted to us by employees, customers, suppliers and business partners. Our responsible, forward-looking actions are the key to sustainable data protection. 

2. Scope and responsibilities 

The binding framework of our data protection management system (DSMS) applies to all employees of bardusch as well as employees of other companies who work for bardusch (hereinafter referred to as employees). Furthermore, the General Data Protection Policy also applies to business partners who exchange personal data with bardusch or who work for bardusch or at the business premises of bardusch. All employees and business partners are sensitised via training and consultation and placed under obligation to comply with our data protection guidelines. At bardusch responsibility for data protection is held by 

  • The managing directors, who individually as data protection officers bear the legal responsibility for the observance of data protection. They initiate appropriate measures to strengthen data protection and review the effectiveness of the results of these measures with the data protection officer. The implementation of the measures may be delegated to staff members. 
  • The data protection officer monitors compliance with the data protection requirements. The data protection officer raises the awareness of the internal and external employees of the company with regard to their obligations under data protection law by providing training and advice. The data protection officer is not responsible for the correct implementation of data protection. The data protection officer is not subject to any instructions. 
  • The data protection co-ordinators, who each act on site as an extended, helping and relieving arm of the data protection officer. They have a broader knowledge of data protection and can therefore directly answer numerous questions from employees about data protection. They look after compliance with data protection regulations and raise awareness among internal and external staff. 
  • The managers who are responsible for implementing data protection in their areas of responsibility. They have the necessary authority to issue directives and co-ordinate matters with the Data Protection Officer and the other managers. They report to the management. 
  • The employees as part of contractual regulations. 

3. Key terms and abbreviations 

The following definitions of key terms and abbreviations apply. 

  • Art.

    Article within the meaning of a section of a law 

  • Processor

    A processor is a natural or legal person, public authority, agency or other body, which processes personal data on behalf of the controller. 

  • Supervisory authority

    A supervisory authority is an independent governmental body established by a Member State in accordance with Article 51. 

  • bardusch

    bardusch Group 

  • BDSG

    German Federal Data Protection Act 

  • Data subject

    A data subject is any identified or identifiable natural person whose personal data are processed by bardusch

    An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (GDPR, Article 4(1)). 

  • File system

    A “file system” within the meaning of the GDPR is any structured collection of personal data that is accessible according to certain criteria, regardless of whether this collection is maintained centrally, decentrally or according to functional or geographical aspects. 

  • Data breach

    A data breach, also referred to as a “personal data breach”, is a breach of security that results in the destruction, loss, alteration of, or unauthorised disclosure of, or access to, personal data forwarded, stored or otherwise processed, whether accidental or unlawful; 

  • Third party

    A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or the processor. 

  • DSB

    Data protection officer 

  • GDPR

    General Data Protection Regulation 

  • DSMS

    Data Protection Management System 

  • Restriction of processing

    Restriction of processing is the marking of stored personal data with the aim of limiting its future processing. 

  • Consent

    Consent is any freely given specific and informed indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her. 

  • Recipient

    A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients. 

  • ISMS

    Information Security Management System 

  • lit.

    lit. is the abbreviation for littera in Latin (= letter, in this respect Point). It is used in jurisprudence to cite a specific item of lettered enumerations in legal norms such as the 
    GDPR. 

  • Personal data

    Personal data is any information relating to a data subject. 

  • Profiling

    Profiling is any form of automated processing of personal data where that personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location. 

  • Pseudonymisation

    Pseudonymisation is the processing of personal data where the personal data can no longer be attributed to a specific data subject without the addition of further information. This additional information is kept separately, subject to technical and organisational measures, therefore ensuring that the personal data cannot be attributed to an identified or identifiable natural person. 

  • Controller

    A controller or data controller is the natural or legal person, public authority, agency or other body, which alone or jointly with others determines the purposes and means of the processing of personal data. 

  • Processing

    Processing is any operation or set of operations which is performed in conjunction with personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by forwarding, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

4. Legal basis for the processing of personal data 

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) a) GDPR shall serve as the legal basis. 

When processing personal data that is necessary to execute a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are required to perform pre-contractual measures. 

Insofar as processing of personal data is necessary to honour a legal obligation to which our company is subject, Article 6 (1) c) GDPR serves as the legal basis. 

In the event that vital interests of the data subject or another natural person render the processing of personal data necessary, Article 6(1) Point d, GDPR applies as the legal basis. 

If the processing is required to safeguard a justified interest on the part of our company or a third party, and if the interests, basic rights and fundamental freedoms of the data subject do not override the former, Article 6(1), Point f, GDPR shall apply as the legal basis for the processing. 

5. Principles

All bardusch employees are guided by the following principles when processing personal data. 

5.1 Legality, good faith and transparency 

We process personal data transparently and on a lawful basis at all times. Information is made available to every data subject provided their identity can be credibly proven. In this way we ensure transparency and strengthen processing in good faith. 

5.2 Earmarking 

We process personal data exclusively to honour legitimate purposes. Personal data that serve different purposes are separated wherever possible. 

5.3 Data minimisation 

We process personal data only to the extent necessary to honour legitimate purposes. Data that are not required in the respective context are not processed. If the processing of anonymous or pseudonymised data are sufficient and possible, such data shall be used. 

5.4 Complete content, accuracy and up-to-date content 

We process personal data with such care so that we can maintain complete content, accuracy and up-to-date content during processing. In the final analysis, it is not possible to check whether the data provided to us are accurate. We shall comply with requests for correction at any time provided the request and the information about the correct data are comprehensible and credible.

5.5 Storage limitation 

We process personal data only as long as there is clear permission or a legal obligation to do so. The duration of processing is limited to what is necessary, i.e. data are deleted as soon as possible in compliance with any storage obligations. 

5.6 Integrity 

We process personal data by way of technical and organisational measures within the meaning of an information security management system in such a way that they are not corrupted. Ongoing monitoring, regular audits and continual improvement ensure the high level of our data protection. 

5.7 Confidentiality 

We process personal data in strict confidence. In our business processes, they are only made accessible to employees who require such data to perform their legitimate duties. Technical and organisational measures are designed to ensure that the confidentiality of personal data is safeguarded. 

5.8 Availability 

We process personal data by way of systems that guarantee the availability of personal data in accordance with current technological developments. We therefore protect personal data against loss and unintentional destruction by way of measures such as fire protection, theft protection, air conditioning, secure power supply and data protection in the form of backups. 

5.9 Accountability 

We process personal data in such a way that we can account for the processing at any time to data subjects, authorities and principals. 

5.10 Resilience 

We process personal data by way of IT systems that are resilient in accordance with the current technological developments, i.e. are resistant in the event of errors, malfunctions or heavy use such as DoS attacks or DDoS attacks (denial of service or distributed denial of service attacks). 

6. Processing activities 

Our personal data processing activities are set out in a processing directory. In that respect we describe the following: 

  • Categories of personal data 
  • Storage periods 
  • Legal bases 
  • Processing purpose 
  • Data protection impact assessments with risk assessments 
  • Data forwarding 
  • Technical and organisational measures 

 

6.1 Categories of personal data 

We process personal data of the following categories 

  • bardusch employees 
    • Employee master data 
      • Name details 
      • Address data 
      • Date of birth 
      • Citizenship 
      • Religion 
      • Banking connection 
      • Tax features 
      • Salary 
      • Working hours 
      • Assessments 
      • Areas of activity to date 
      • Qualifications 
      • Company service 
      • Severe disability 

    • Apprenticeship / dual-study master data 
      • School / establishment of higher education / university 

    • Pensioner master data 
      • Pension 

    • Application 
      • Name details 
      • Address data 
      • Date of birth 
      • Areas of activity to date 
      • Qualifications 
      • Photo 

  • Company customers 
    • Contact 
      • Name details 
      • Address data 
      • Communication data 
      • Position and role description 
      • Responsibility 

    • Institution 
      • Employer 
      • Name details 
      • Delivery address 
      • Communication data in an exceptional case 
      • Clothing data 
      • Clothing sizes 
      • Special sizes in an exceptional case 

  • Private customers 
    • Company customer 
    • Name details 
    • Address data 
    • Communication data in an exceptional case 
    • Clothing data 
    • Clothing sizes 
    • Special sizes in an exceptional case 

  • Interested party 
    • Contact 
      • Name details 
      • Address data 
      • Communication data 
      • Position and role description 

    • Interest in services of bardusch 

  • Supplier 
    • Contact 
      • Name details 
      • Address data 
      • Communication data 
      • Position and role description 

    • Supplier employee 
      • Name details 
      • Activity time 
      • Qualifications 
      • Rights 

  • External employees 
    • Name details 
    • Address data 
    • Communication data 
    • Activity time 
    • Qualifications 
    • Rights 

  • Special categories (where absolutely necessary) 
  • Other 

6.2 Origin of personal data 

We process personal data 

  • That are made available to us directly. They may come from employment, contract and supplier relationships, personal contacts (e.g. business cards), e-mails, the contact page of our website, postal mail, phone calls, faxes, social media or other sources. 
  • Which originate from a third-party source if such data are provided to us in accordance with the law, such as under managed service provider relationships. 
  • Automatically if our e-mails or newsletters are read or our website is visited. Our privacy policy on the use of websites describes this in greater detail. 

6.3 Storage periods 

We process personal data only for as long as we are legally under obligation to do so or in accordance with the separate voluntary consent of data subjects. This does not affect the right of data subjects to withdraw their consent at any time. 

6.4 Legal bases for the processing 

We process personal data on the basis of the following legal grounds: 

  • Existence of voluntary consent in accordance with Article 4 No. 11, Article 5(1), Point b), Article 6(1), Point a), Article 7 GDPR. 
  • Requirement for execution/initiation of a contract in accordance with Article 7, Point b), EU Data Protection Directive, Section 28(1), No. 1, BDSG (German Data Protection Act) 
  • Honouring legal obligations such as employment law, social security rights or social protection in accordance with Article 6(1), Point c), GDPR 
  • Overriding a legitimate interest of the processing in accordance with Article 6(1), Point f), GDPR 
  • In the public interest or in the exercise of official authority in accordance with Article 6 (1) (e), GDPR, if actually occurring. 

6.5 Processing purpose 

We process personal data for the following purposes: 

  • Personnel file management 
  • Applicant data collection 
  • Customer data collection 
  • Institution data collection 
  • Supplier data collection 
  • Order data collection 
  • Order processing 
  • Concern processing 

You have the right to be informed whether or not your personal data are transferred to a third country or to an international

6.6 Risk assessment for data protection impact assessment 

As part of the data protection impact assessment, we conduct data protection risk analyses. If the assessment is appropriate, measures are initiated to reduce a risk. If the effectiveness of the measures is proven, the risk is reassessed. 

6.7 Data forwarding 

Personal data shall only be transferred within the European Union or the European Economic Area in the context of executing contracts, once consent has been given or in accordance with legal requirements. 

Recipients are, for example: 

  • Processor 
    • Computer centres 
    • Typing offices 
    • Printers 
    • Direct marketing service providers 
    • Newsletter senders 
    • Applicant management service providers 
    • IT service providers 

  • Suppliers 
    • Finishers of rental workwear and personal protective equipment 
    • Cleaning services 
    • Security services 
    • Personnel leasing service providers 
    • Certifiers 
    • Laundries as an extended workbench 
    • Manufacturer of sorting equipment 

  • Enquiries with the 
    • Financial authorities 
    • Supervisory authorities 

  • Insurance policies 
  • Banks 
  • Lawyers, notaries, tax consultants and auditors 

6.8 Technical and organisational measures 

We design technical and organisational measures to ensure data protection in the sense of an information security management system. Based on this standard, we make regulations in line with our needs. 

6.9 Monitoring and continual improvement 

As required by standardised management systems, we continuously monitor and periodically review our data protection measures. Appropriate measures are taken in response to any events that occur or any need for improvement that is identified. The results of the measures are checked and put into effect if they are sufficiently effective. All measures are tracked and their implementation is recorded in a verifiable manner. 

6.9.1 Dealfront

We, bardusch GmbH & Co. KG, use the Dealfront tool to support our sales and marketing activities. In the course of using Dealfront, we collect certain personal data from users in order to improve our offering and provide better service to our customers.

Dealfront collects the following personal information from users:

  • Name and contact information such as email address, phone number, and address
  • Informationen über das Unternehmen, für das der Nutzer arbeitet, z.B. Name und Adresse des Unternehmens
  • Data about the user's interaction with the tool, such as pages visited, clicks made, or materials downloaded
  • Information about the status of the business relationship, e.g., the type of inquiry, the date of the last contact, or the current status of negotiations.

We collect this personal information from users to fulfill the following purposes:

  • to better understand potential customers
  • to better analyze the needs of potential customers
  • to improve the interaction with potential customers
  • to support our sales and marketing activities.

The processing of personal data by Dealfront is based on Art. 6 (1) lit. f DSGVO. Our legitimate interest is to improve our offer and support our sales and marketing activities.

We store the personal data of users for as long as it is necessary for the fulfillment of the above purposes. Deletion takes place when the user requests deletion or when we no longer have a business relationship with the user.

We have taken appropriate technical and organizational measures to protect users' personal data against loss, destruction, access, alteration or distribution by unauthorized persons.

6.9.2 Google Ads

Personal data is processed when you visit this website. Categories of data processed: Data on the use of the website and the logging of clicks on individual elements.

Purpose of processing: Investigation of user behaviour, analysis of the effect of online marketing measures and selection of online advertising on other platforms, which are automatically selected by means of real-time bidding based on user behaviour.

The legal basis for processing: your consent in accordance with Art. 6 (1) a GDPR.

A transfer of data takes place: to the independent controller Google Ireland Limited, Google Building Gordon House Barrow St, Dublin, Dublin 4, Ireland. The legal basis for the transfer of data to Google Ireland Limited is your consent in accordance with Art. 6 (1) a GDPR. This may also involve the transfer of personal data to a country outside the European Union. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Pricacy Framework (DPF).

Information about the DPF membership of Google Ireland Limited > www.dataprivacyframework.gov/list > Search for Google

6.10 Processing location 

Personal data are processed at the headquarters of bardusch, in data processing centres as well as in the context of projects at project locations within the European Union or the European Economic Area. 

In individual cases, personal data may be processed in third countries, for example when using certain software such as cloud services. Before introducing such processing, we check that an appropriate level of protection is maintained. The recommendations of the German Federal Office for Information Security and the Commissioner for Data Protection and Freedom of Information of the State of Baden-Wuerttemberg serve as a guideline for us. 

6.11 Data subjects’ rights 

Persons affected by the processing of personal data have the following rights in dealings with bardusch as data controller 

  • Information about personal data processed by us. 
  • Transparent information about the handling of personal data processed by us. 
  • Rectification and, if necessary, supplementation of personal data processed by us. 
  • Deletion of personal data and the right to be "forgotten". 
  • Restriction of processing. 
  • Data portability. 
  • Revocation of consent already given with effect for the future. 
  • Complaint to the competent supervisory authority for data protection. 

Legal time limits for the storage of certain personal data place us under obligation to store personal data even if data subjects object to future processing or request the erasure of personal data. 

If personal data of yours are processed, you are a data subject within the meaning of GDPR and you are entitled to the following rights in detail in dealings with bardusch.

6.11.1 Right to information

You may request information from bardusch as to whether personal data concerning you are processed by us. 

Where that is the case, you have the right to obtain the following information from bardusch

  • The purposes for which the personal data are processed; 
  • The legal basis for the processing of personal data 
  • The categories of personal data that are processed; 
  • The recipients or categories of recipient to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organisations; 
  • Where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period; 
  • The existence of the right to request from bardusch rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; 
  • The right to lodge a complaint with a supervisory authority; 
  • Where the personal data are not collected from you the data subject, any available information as to their source; 
  • About the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. 

You have the right to be informed whether or not your personal data are transferred to a third country or to an international organisation. In this context, you have the right to be informed of the appropriate safeguards in accordance with Article 46 GDPR relating to the transfer.

6.11.2 Right to rectification

You have the right rectification and/or the completion of incomplete personal data by bardusch provided the processed personal data apply to you, are incorrect or incomplete. bardusch is to rectify the data without delay. 

6.11.3 Right to restriction of processing

You have the right to obtain from the controller restriction of processing of your personal data under the following conditions: 

  • If you contest the accuracy of the personal data for a period enabling bardusch to verify the accuracy of the personal data; 
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; 
  • bardusch no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or 
  • If you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of bardusch override your reasons. 

If the processing of your personal data has been restricted, such data may only be processed – apart from the storage of such data – following your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. 

If the restriction of the processing was restricted in accordance with the aforementioned requirements, you shall be notified by bardusch before the restriction shall be lifted. 

6.11.4 Right to erasure

You have the right to obtain from bardusch the erasure of personal data concerning you without undue delay and bardusch shall be under obligation to erase personal data without delay where one of the following grounds applies: 

6.11.4.1 Reasons

  • Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. 
  • You withdraw consent on which the processing is based according to Article 6(1),Point (a), or Article 9(2), Point (a), GDPR, and where there is no other legal ground for the processing. 
  • You object to the processing in accordance with Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR. 
  • Your personal data have been unlawfully processed. 
  • Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which bardusch is subject.
  • Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR. 

6.11.4.2 Information forwarded to third parties

Where bardusch has made your personal data public and undertakes in accordance with Article 17(1) GDPR to erase the personal data, bardusch, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing your personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. 

6.11.4.3 Exceptions

The right to erasure shall not apply where processing is required 

  • To exercise the right of freedom of expression and information; 
  • To honour a legal obligation that necessitates processing in accordance with the law of the Union or the Member States to which bardusch is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority transferred to bardusch
  • On the grounds of public interest in the area of public health in accordance with Article 9(2), Points h) and i), as well as Article 9(3) GDPR; 
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR provided the right stated in section a) is likely to render the realisation of the goals of such processing impossible or have a serious detrimental effect on it, or 
  • To establish, exercise or defend legal claims. 

6.11.5 Right to information

If you have exercised the right to the rectification, erasure or restriction of processing in dealings with the controller, bardusch undertakes to notify all recipients to whom your personal data have been disclosed of such rectification or deletion of data or restriction of processing unless it proves impossible or would involve a disproportionate effort. 

In dealings with bardusch, you have the right to be informed of such recipients. 

6.11.6 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to bardusch, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from bardusch to which the personal data have been provided, where: 

  • The processing is based on consent in accordance with Article 6(1), Point (a), or Article 9(2), Point (a), or on a contract in accordance with Article 6(1), Point (b); and 
  • The processing is carried out by automated means. 

In exercising your right to data portability, you additionally have the right to have the personal data forwarded directly from bardusch to another controller, where technically feasible. This may not adversely affect freedoms and rights of other persons. 

The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority transferred to bardusch

6.11.7 Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1), 

Point e) or f), GDPR. This also applies to profiling based on these provisions. 

bardusch will no longer process the personal data relating to you following your objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. 

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. 

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications. 

6.11.8 Right to withdraw the data protection law declaration of consent

You have the right to withdraw your data protection law declaration of consent at any time. Withdrawing the consent does not affect the legality of the processing that applied as a result of the consent up until the withdrawal. 

6.11.9 Right not to be subject to automated decisions

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision 

  • Is necessary to enter into or execute a contract between you and bardusch
  • Is permissible on the basis of legal provisions of the Union or the Member States to which bardusch is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or 
  • Is carried out with your express consent. 

However, these decisions may not be based on special categories of personal data in accordance with Article 9(1) GDPR unless Article 9(2)(a) or (g) GDPR apply and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. 

With regard to the cases mentioned in a) and c), bardusch takes appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, which include at least the right to obtain the intervention of a person on the part of bardusch, to express your point of view and to contest the decision. 

6.11.10 Right to lodge a complaint with a supervisory authority

Irrespective of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes upon GDPR. 

The supervisory authority at which a complaint is lodged shall inform the complainant of the status and outcome of the complaint, including the option of a judicial remedy in accordance with Article 78, GDPR. 

7. Supervisory authority 

The supervisory board responsible for our company is: 

The State Commissioner for Data Protection and Freedom of Information of the German federal state of Baden-Wuerttemberg 

Company address
Königstrasse 10 a 
D-70173 Stuttgart 

Postal address PO
Box 10 29 32 
D-70025 Stuttgart 

Tel.: 0711/615541-0
Fax: 0711/615541-15 
E-mail: [email protected]

8. Data protection officer  

Any data subject may contact our data protection officer directly with any questions or suggestions regarding data protection: 

T-Systems Multimedia Solutions GmbH
PO Box 10 02 24 
D-01072 Dresden 
E-mail:[email protected]