AVM Computersysteme Vertriebs GmbH (subsequently "we") is responsible for the web presence at avm.de and on the AVM social media channels.
In the following we would like to inform you about how we protect your privacy and how personalized data are processed in the context of our websites and/or online services.
Personalized data are erased as soon as possible, and never used or passed on for advertising purposes without your consent.
II. Responsible Authority / Data Protection Officer / Responsible Supervisory Authority
Data protection officer
AVM Computersysteme Vertriebs GmbH
Tel.: +49 30 399 76 0
Fax: +49 30 399 76 299
III. General Principles / Information
The definitions are in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "General Data Protection Regulation" or "GDPR"). In particular, the definitions of Article 4 and Article 9 of the GDPR apply. For your information we have listed the essentially relevant definitions below under (X).
2. Scope of Personal Data Processing
We collect and use the personalized data of our users in principle only insofar as this is necessary to render and provide our services and to prepare our web presence or online offers (including mobile apps).
Apart from this, personalized data are collected and used on a regular basis only
(i) with the user's consent,
(ii) if the processing is required for the purpose of contract performance or
(iii) for the protection of legitimate interests, insofar as this is not overridden by the interests or fundamental rights of the persons affected that require the protection of personalized data. This also includes the transmission of data to authorities and/or courts.
Moreover, such cases are excepted in which it was not possible to obtain prior consent for practical reasons, or in which the processing of the data is permitted by statutory regulations.
3. Legal Bases
Insofar as personalized data are processed on the basis of consent by the data subject, Article 6(1a) of the GDPR is the legal basis for such processing.
For the processing of personalized data for the performance of a contract to which the data subject is party, Article 6(1b) of the GDPR is the legal basis; this also applies for processing which is necessary for the implementation of pre-contractual measures.
If personalized data are processed in order to comply with legal obligations (such as, for example, retention periods stipulated by tax or commercial law, or information provided by authorities, etc.), Article 6(1c) of the GDPR is the legal basis.
For the case that vital interests of the data subject or another natural person necessitate the processing of personalized data, Article 6(1d) of the GDPR is the legal basis.
Should processing take place in order to protect a legitimate interest of our company or of a third party, and this interest is not overridden by the interests, fundamental rights and basic freedoms of the data subject, Article 6(1f) of the GDPR is the legal basis for processing.
4. Obtaining Consent / Right of Revocation
Consent in accordance with Article 6(1a) of the GDPR is generally obtained electronically. The user consents by checking the checkbox in the corresponding field for the purpose of documenting that consent was granted. When consent is granted electronically, the "opt-in" method is used in the area for registered users (e.g. for Newsflash); for the purpose of identifying the user, "double opt-in" is used (e.g. to register for newsletters). The contents of the consent form are logged electronically.
Right of revocation: Please note that consent already granted can be revoked prospectively at any time – in full or in part; the legality of any processing that took place on the basis of consent up to the time consent was revoked remains unaffected. Please direct any revocation to the contact information for the responsible authority or the data protection officer listed under (II).
5. Possible Recipients of Personalized Data
In order to provide our web and/or online services, we also employ third-party service providers ("processors") to act on our behalf and upon our instructions in the framework of service provision. In the framework of service provision, these service providers can receive personalized data or come into contact with personalized data, and constitute third parties or recipients in the terms of the GDPR.
In such cases we ensure that our service providers offer sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this regulation and ensure the protection of the rights of the data subject (cf. Article 28 of the GDPR).
Insofar as a transmission of personalized data to third parties and/or recipients outside of processing a job, we ensure that this occurs only in accordance with the requirements of the GDPR (e.g., Article 6(4) of the GDPR) and only where there is a corresponding legal basis (e.g., Article 6(4) of the GDPR).
6. Processing of Data in So-called "Third Countries"
In general, the processing of your personalized data takes place within the EU, or within the European Economic Area ("EEA").
Only in exceptional cases (e.g., in connection with the involvement of service providers to provide web analytic services) can it happen that information is transferred to so-called "third countries". "Third countries" are countries outside of the European Union and/or the Agreement on the European Economic Area, in which it cannot necessarily be assumed that the level of data protection is adequate according to the standards of the EU.
Insofar as the transmitted information also includes personalized data, we ensure before such a transfer that an adequate level of data protection is guaranteed in the given third country, or by the given recipient in the third country, or that you have provided your consent to such transfer, or there is another basis that permits such a transfer (e.g. Article 49 of the GDPR). An adequate data protection level can arise from what is called an "adequacy decision" by the European Commission or be guaranteed by application of the "EU standard contractual clauses". In the case of recipients in the US, compliance with the "EU-US Privacy Shield" can guarantee an adequate level of data protection. We are happy to provide you with further information on appropriate and suitable guarantees for adherence to an adequate level of data protection upon request; the contact information is provided at the beginning of this data protection documentation. Information on the participants in the EU-US Privacy Shield program is presented here: www.privacyshield.gov/list
7. Data Erasure and Storage Period
Personalized data on the data subject are erased or locked as soon as the purpose of processing has expired. Data are stored after the purpose of processing has expired only when this is provided for by the European or national legislator in EU regulations, laws or other directives to which our company is subject (e.g., to satisfy legal record-keeping requirements and/or when there are justified interests in storage (e.g. during the period of statutes of limitation for the purpose of legal defense against any claims). The data are also erased or locked when a storage period prescribed by the relevant standards expires, unless there is a necessity for the further storage of the data for the conclusion of a contract of for other purposes.
8. Rights of the Data Subjects
The GDPR grants certain rights to data subjects effected by the processing of personalized data (known as "rights of the data subject", especially Articles 12 through 22 of the GDPR). The individual rights of the data subjects are clarified in (XI). If you would like to exercise one or more of these rights, you can contact us at any time. Please do so by using the contact information listed under (II).
IV. Registration / Creating a User Account
Registration and creation of a personal user account are required for certain services provided via our website and online platforms. In the framework of registration and creating a user account, we collect and store the following personal data ("mandatory information"). These data are not transmitted to third parties:
- User name
- User's business email address
- Title, first name, last name
- Company (where relevant)
- Country, state and city where company is located
Also stored upon registration are (i) the user's IP address and (ii) the date and time of registration.
The user may provide voluntary details in addition to this mandatory information. Such details may include data as telephone number, fax number, mobile telephone number, or details about the company such as number of employees, sector, floor space, etc. Mandatory information required for the purpose of registration are marked in the input mask with an asterisk to designate them as required fields. Registration cannot be completed without complete and valid entries in the mandatory fields. Application for registration is not completed until after you provide entries for all of the mandatory fields AND confirm the password link we send you by email. Voluntary information may be used for the purpose of improving our sales and marketing services.
1. Purpose and Legal Basis
Registration of the user serves to restrict and/or control access to certain contents and services that we offer only to registered users on our websites and/or online platforms. Such a registration can further serve the purpose of providing certain contents and services for registered users as part of contract performance and/or for the implementation of pre-contractual measures.
The legal basis for processing data for the purpose of registration with the user's consent is Article 6(1a) of the GDPR. If registration serves the performance of a contract to which the user is party, or the implementation of pre-contractual measures, the legal basis for processing is Article 6(1b) of the GDPR. Insofar as registration serves the purpose of access restriction and/or control, the protection of legitimate interest is the legal basis as stipulated in Article 6(1f) of the GDPR; in this case the legitimate interest is in the restriction of access to protect the contents and information we developed.
2. Data Erasure and Storage Period
Should registration take place in connection with performance of a contract or for the implementation of pre-contractual measures (Article 6(1b) of the GDPR), the registration data are stored for the duration of the given working or contractual relationship, and then erased or locked after expiration of the given contract, or after the period of notice as stipulated in (III.7).
If registration does not take place in connection with performance of a contract or the implementation of pre-contractual measures, the registration data are erased as stipulated in (III.7) as soon as a registration with our website is withdrawn, modified or deleted by the user.
3. Opt-out and Elimination Options
As a user of the MyFRITZ! service you have the option of deleting your registration at any time. The data about your that are stored in other registered areas can be modified at any time. Such a change to the data you provided can be made in the registered area, or after contacting us with your request. If the data are (still) required for the performance of a contract or the implementation of pre-contractual measures, they can be erased only if no contractual or legal obligations prevent their erasure.
V. Data Processing to Prepare the Website / Collection of Log Files
Every time our website is opened, our system automatically collects data and information from the requesting user's computer system. The following data are collected (hereinafter "log data"):
- information about the type and version of the browser used
- the user's operating system
- the user's IP address
- date and time of access
- file size of the object accessed
The log data mentioned above – with the exception of the IP address – do not make it possible to identify the person of the user; personalized identification is possible only by allocating or linking the log data to a certain IP address.
1. Purpose and Legal Basis
The collection and processing of log data, especially the IP address, takes place for the purpose of providing to the user the contents contained on our website, that is, for the purpose of communication between the user and our web or online services. Temporary storage of the IP address is necessary for the duration of the given communication process. This is required for addressing the communication traffic between the user and our web or online presence, or necessary in order to utilize our web and/on online services. The legal basis for this data processing – that is, for the duration of your visit to the website – is Article 6(1b) of the GDPR, or, respectively, section 96 of the German Telecommunications Act (TKG) or Section 15(1) of the German Telemedia Act (TMG).
Any processing and storage of the IP address in log files that goes above and beyond a given communication process is undertaken in order to ensure the functionality of our web and online content, for the purpose of optimizing these contents, and to guarantee the security of our information technology systems. The legal basis for storage of the IP address for these purposes above and beyond a given communication process is Article 6(1f) of the GDPR (protection of legitimate interests) or Section 109 of the TKG.
2. Data Erasure and Storage Period
Data are erased as soon as they are no longer required to achieve the purpose of their collection. In the case of data collection for the preparation of the web pages, this is the case whenever the given session – the visit to the website – has ended. Any storage of log data above and beyond this, including saving the IP address for the purpose of system security, will last for a period of no longer than seven days from the time the user leaves the web page. Any processing and/or storage of log data above and beyond this is possible and permissible, as long as the IP addresses of the users are erased or altered after the above mentioned storage period of seven days such that it is no longer possible to match the log data to an IP address.
3. Opt-out and Elimination Options
The collection of log data for the preparation of a website, including their storage in log files as limited in the above paragraph, is absolutely necessary for operation of the website. There is thus no possibility for the user to opt out. The above does not apply for the processing of log data for purposes of analytics; depending on the web analytic tool used and the kind of data analysis (personalized/anonymous/pseudonymous), this is conform to (VII).
We differentiate among (i) cookies that are required for technical reasons, (ii) analytics cookies, and (iii) third-party cookies:
(i) Cookies that are required for technical reasons are used by us to improve the user friendliness of our web and/or online presence. In cookies required for technical reasons, the following data are saved and transmitted to our systems:
- language settings
- anti-spam protection
(ii) Analytics cookies (also known as "session cookies") are used by us to analyze the surfing behavior of users on our web and/or online presence for the purpose of advertising or market research, or to assist us in the needs-based design of our online offers. In analytics cookies, the following data are collected and transmitted to our systems:
- search terms entered
- frequency of page views
- use of website functions
The data about users collected in this manner are pseudonymized through measures. After this it is no longer possible to match the data to the user who made the request.
(iii) Third-party cookies are cookies that are provided not by our web servers, but by third-party providers. Third-party cookies are used in the course of online campaigns. For instance, they may use the Adform advertising server to record the number of times certain contents of our website are viewed. We also use Amazon remarketing and conversion pixels on our websites; the cookies used for this do not collect any personalized data. We cannot search for or evaluate third-party cookies.
The third-party providers are solely responsible for the use of such cookies; for our part, we have no opportunity to exert influence on their use and processing. You can prevent third-party cookies from being set by performing the measures described in (VI.3) and (VII).
1. Purpose and Legal Basis
- shopping cart
- application of language settings
- remembering search terms
- remembering filter settings
Analytics cookies are used for the purpose of improving the quality of our web pages and their contents. Through the analytics cookies we find out how the web pages are used so that we can constantly optimize our web presence (see above). The legal basis for the processing of personalized data using analytics cookies in the case of user consent, insofar as it is theoretically possible to personally identify the user, is Article 6(1a) of the GDPR. If analytics cookies are used to create pseudonymous evaluations, the legal basis is Article 6(1f) of the GDPR (protection of legitimate interests) or Section 15(3) of the TMG.
2. Data Erasure and Storage Period
Cookies are saved on the user's terminal device (smart device/PC) and transmitted from there to our web pages. The system differentiates between permanent cookies and session cookies. Session cookies are saved for the duration of a browser session and deleted when the browser is closed. Permanent cookies are not deleted when the browser session is closed, but saved on the user's terminal device for a longer period.
3. Opt-out and Elimination Options
VII. Web Analytics
In order to optimize our web pages and adapt to the changing habits and technical conditions of our users, we use tools for what is known as "web analytics". Such tools measure things like which elements are visited by users, and whether the information they seek is easy to find. Such information cannot be interpreted in any meaningful way until information on a larger group of users can be considered. The data collected for such analysis are aggregated into larger units.
This way we can adapt the design of pages or contents, for instance, if we discover that a relevant share of site visitors are using new technologies, or are having trouble finding available information.
We perform analyze our website and online platforms by implementing the following tools for web analytics:
1. Analysis of Log Data
Log data are used for analystics purposes exclusively on an anonymous basis; in particular, there is no linkage with data that can be used to identify the user personally and/or matched with an IP address or a cookie. Such an analysis of log data thus is not subject to the data protection provisions of the GDPR.
2. Matomo (PIWIK)
For the analysis of the use of our website we use the Matomo web analytics service (formerly PIWIK). The usage information generated by the cookie is sent to our servers in Europe and saved by Matomo for the purpose of usage analysis. The information about your use of our websites generated by the cookie is not passed on to third parties.
- Collection by Matomo can be prevented by clicking on the following link. An opt-out cookie is set, which prevents the future collection of your data by Matomo when you visit our web pages (in this case it may not be possible, however, to use all functions on the web pages to their full extent): "Disable Tracking" button.
Here, you can deactivate the tracking on avm.de and its other international websites.
Please note: whenever you delete your cookies, the opt-out cookie will be deleted as well, so you may have to enable it again.
VIII. Newsletter / Advertising / Social Media Plug-ins
Our our web and online presence we also offer the possibility of registering for our newsletter; advertising tools and social media plug-ins are used as well. Specifically:
1. Newsletter Registration
If you would like to take advantage of the newsletter we offer, we need you to confirm your valid email address. In order to check whether you are the owner of the given email address, or that the address's owner consents to receiving the newsletter, after the first registration step we will send an automated email to the given email address (the so-called "double opt-in"). Only after confirmation of the newsletter registration via a confirmation link in the email will we include the given email address in our mailing list. We do not collect any data other than the email address and the information that the registration has been confirmed.
Your data are processed exclusively for the purpose of mailing the newsletter you requested. The legal basis for this processing is Article 6(1b) of the GDPR. You can unsubscribe from the newsletter at any time; in addition, the remarks on the right of revocation in (III.4) apply.
2. Use of Personalized Data for Promotional Pitches and Marketing Messages / Customer Surveys
Your personalized data are used for the purpose of advertising and/or marketing and for the purpose of performing customer satisfaction surveys only when corresponding permission has been granted, or when there is another legal basis that permits advertising or marketing messages even without express consent.
The legal foundation for advertising and/or marketing measures on the basis of express consent is Article 6(1a) of the GDPR; correspondingly, the remarks on consent in (III) apply. For advertising and/or marketing measures via email for the purpose of direct advertising for similar wares or services of our own, the legal basis is Section 7(3) of the German Fair Trade Practices Act (UWG); this is subject to the condition that (i) we received your email address in connetion with the sale of a good or service, (ii) you did not refuse to allow your email address to be used for the purpose of direct advertising and (iii) upon the collection of your email address and every time we use it, we clearly point out that you may refuse at any time to have your email address used in this way (on the right to refuse, see [X.6]).
3. Interest-based ads e.g. Amazon Tracking Pixel
Interest-based online ads are provided by the named third-party service provider. If you no longer wish to receive usage-based advertising, you can deactivate the data collection by switching off cookies (please refer to section VI.3 for more informaton) or by setting up an opt-out cookie. For more information on Amazon cookie usage, visit the Amazon Interest-Based Ads page.
4. Social Networks / Social Media Plug-ins
On our web pages we have embedded buttons ("plug-ins") to the social network YouTube so that you can enjoy the interactive potentials of the social networks you use on our web pages as well. With this plug-in we embed video contents in the website. This makes various functions available, the object and extent of which are determined by the operators of the social networks. Keep in mind that the IP address of your browser session may be linked to your own profile with the given social network if you are currently logged in to that network. Similarly, your visit to our web pages can be linked to your profile with the social network if it recognizes you from a cookie that was set during a previous session with the social network and is still stored on your computer.
Our pages have not embedded any plug-ins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. There is merely a passive link to our contents on Facebook.
On certain web pages (en.avm.de/news, for instance), the contents of our Facebook pages can be played via plug-in. The use of user data is not connected with these contents.
If you contact us and interact with us on Facebook (requests, "like" button, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company (for instance, in the context of applicant management), press queries, or in order to send us feedback, we use tools that process the user data generated by Facebook in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.
Our pages have not embedded any plug-ins from the social network "Google+". There is merely a passive link to our contents on Google+.
If you contact us and interact with us on Google+ (requests, "like" button, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company (for instance, in the context of applicant management), press queries, or in order to send us feedback, we use tools that process the user data generated by Google+ in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.
Our pages have not embedded any functions from the social network "Twitter". There is merely a passive link to our contents on Twitter.
If you contact us and interact with us on Twitter (requests, "like" button, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company (for instance, in the context of applicant management), press queries, or in order to send us feedback, we use tools that process the user data generated by Twitter in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.
Our pages have not embedded any functions from the social network "LinkedIn". There is merely a passive link to our contents on TwitterThere is merely a passive link to our contents on LinkedIn.
If you contact us and interact with us on LinkedIn (requests, "like" button, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company (for instance, in the context of applicant management), press queries, or in order to send us feedback, we use tools that process the user data generated by LinkedIn in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.
Our pages have not embedded any functions from the "XING" service, which is operated by XING AG, Gänsemarkt 43, 20354 Hamburg, Germany. There is merely a passive link to our contents on XING.
If you contact us and interact with us on XING (requests, "like" button, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company (for instance, in the context of applicant management), press queries, or in order to send us feedback, we use tools that process the user data generated by XING in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.
We use the provider YouTube to integrate videos (FRITZ! Clips etc.) on our web pages. YouTube is operated by YouTube LLC with headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
On some pages we also use a YouTube plug-in. When you open a page equipped with such a plug-in, a connection to the YouTube servers is established automatically to render the plug-in. In the process, which of our web pages you visited is conveyed to the YouTube server. If you are a member of YouTube and logged in to YouTube when you visit our page, YouTube can match this information to your personal user account. When you use the plug-in, for instance, by clicking the Start button on a video, this information is also matched to your user account. You can prevent such information from being matched by deregistering from, or logging out of, your YouTube user account and other user accounts with the companies YouTube LLC and/or Google Inc. before using our web pages. Alternatively, you can delete the relevant cookies set by these companies (see [VI.3] for instructions). Further information on data processing and data protection by YouTube (Google) is available at policies.google.com/privacy
If you contact us and interact with us on YouTube (requests, "like" button, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company (for instance, in the context of applicant management), press queries, or in order to send us feedback, we use tools that process the user data generated by YouTube in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.
Our pages do not include any "social plug-ins" from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA. There is merely a passive link to our contents on Instagram.
If you contact us and interact with us on Instagram (requests, "like" button, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company (for instance, in the context of applicant management), press queries, or in order to send us feedback, we use tools that process the user data generated by Instagram in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.
5. Messaging apps
As a subscriber to our instant messaging services, for example WhatsApp News, you will receive the latest updates and news directly to your smartphone or tablet. To register, AVM generally needs a phone number or similar. In order to check whether you are the owner of the phone number provided, or that the owner of the phone number consents to receiving the news updates, after the first registration step we will send an automated text message to the phone number provided (the so-called "double opt-in"). Save the sender of the message as a new contact in your smartphone or tablet. Only after you've sent a message to this contact e.g. "START" can we start sending you the latest updates and news. We do not collect any personal data other than the phone number and the information that the registration has been confirmed. Your data are processed exclusively for the purpose of providing with information about the latest news from AVM, as requested by you. The legal basis for this processing is Article 6 (1b) of the GDPR. You can unsubscribe from the news service at any time; in addition, the remarks on the right of revocation in (III.4) apply.
IX. Contact Form, Feedback and Email Contact
On our pages there are various contact forms (web forms) for different topics, which the user can use to establish contact with us electronically (for instance, for product and sales consultation, product suggestions, support requests). If the user takes advantage of any of these opportunities, the data entered in the input mask are transmitted to us and stored. These data are:
- First name*
- Last name*
- Telephone number*
- Zip code*
- Message field*
- When you can be reached
On our website users are able to send us feedback e.g. in the FRITZ! Lab. If the user makes use of this, the data entered in the input mask are transmitted to us and stored. These data are:
- First name
- Last name
* Mandatory information required for the purpose of registration are marked with an asterisk (in the input mask as well) to designate them as required fields.
When the message is sent, the following data are also processed and stored:
- the user's IP address
- date and time when message was dispatched
Alternatively, you can contact us using the email addresses listed on the web pages. In this case the personalized data of the user transmitted with the email message will be stored. Under no circumstances are these data passed on to third parties, unless we have to resort to third parties to process the request.
1. Purpose and Legal Basis
These data are processed exclusively for the purpose of responding to the given request or suggestion. The other data collected during transmission of the message serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Insofar as data are processed for the purpose of fulfilling a customer order or responding to a customer request, the legal basis for data processing is Article 6 (1b) of the GDPR, regardless of whether contact was made via a contact form or email. The legal basis for processing the user's feedback is Article 6 (1a) of the GDPR. We are interested in improving our products and services for our users. The legal basis for processing the data with the user's consent is Article 6 (1a) of the GDPR. The legal basis for collecting additional data during sending is Article 6 (1f) of the GDPR; the legitimate interest here is in the prevention of misuse and ensuring system security (cf. [V.1]).
2. Data Erasure and Storage Period
In general, data are erased as soon as they are no longer required to achieve the purpose of their collection. For the personalized data from the input mask of the contact form and those that were send by email, this is the case when the given communication with the user has ended and/or the user's request was responded to conclusively.. The communication is ended, or there is a conclusive response, when the circumstances indicate that the matter in question has been settled. Instead of erasure, data will be stored and locked if further storage of the data is required for the reasons listed in (III.5).
The additional personalized data collected during the process of transmission are erased after a period no longer than seven days.
3. Opt-out and Elimination Options
The user has the possibility to terminate communication with us and/or rescind his request at any time, and to object to the corresponding use of his data. In such a case the communication cannot be continued. In this case, all personalized data stored in the course of making contact are erased, unless the further storage of data is required for the reasons listed in (III.7).
The definitions are in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "General Data Protection Regulation" or "GDPR"). In particular, the definitions of Article 4 and Article 9 of the GDPR apply. In the framework of this data protection statement, the following terms defined in Article 4 of the GDPR may be of particular relevance:
- "Personalized data: all information which refers to a natural person who is identified or identifiable (hereinafter "data subject"). A natural person is considered identifiable when he or she can be identified, directly or indirectly, especially by means of matching with an identifier like a name, with an ID number, with location data, with an online ID, or with one or more special properties that express the physical, physiological, genetic, mental, economic, cultural or social identity of this person;
- "Processing": every process associated with personalized data, executed with or without the aid of an automated method, or every such series of processes, including the collection, recording, organization, arrangement, storage, adaptation or alteration, reading, retrieval, use, disclosure through transmission, propagation or other form of provision, comparison or linkage, restriction, erasure or elimination;
- "Restriction of processing": the marking of stored personalized data with the goa of restricting or blocking their future processing;
- "Profiling": any kind of automated processing of personalized data that consists in using these personalized data in order to assess certain personal aspects related to a natural person, especially with the purpose of analyzing or predicting job performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of this natural person;
- "Pseudonymization": the processing of personalized data in such a way that the personalized data can no longer be matched to a specific data subject without enlisting additional information, insofar as this additional information is stored separately and subject to technical and organizational measures which guarantee that the personalized data cannot be allocated to an identified or identifiable natural person;
- "Controller": the natural person or entity, authority, institution or other agency that decides, alone or jointly with others, about the purpose and means of processing personalized data. If the purposes and means of this processing are prescribed by EU law or the law of its member states, the controller can prescribe the specific criteria of his or her appointment in accordance with EU law or the law of the member states;
- "Processor": a natural person or entity, authority, institution or other agency that processes personalized data on the controller's behalf;
- "Recipient": a natural person or entity, authority, institution or other agency to which personalized data are disclosed, independent of whether or not these data concern a third party. Public authorities that may receive personalized data in the context of a specific investigation mandate in accordance with EU law or the law of its member states are not considered recipients, however; the processing of these data by the authorities mentioned takes place consistent with the valid data protection regulations in accordance with the purposes of processing;
- "Third party": a natural person or entity, authority, institution or other agency, besides the data subject, the controller, the processor, and the persons who are authorized to process the personalized data under the direct responsibility of the controller or processor;
- "Consent": every declaration of intent made voluntarily by the data subject for a certain case, in an informed manner and clearly expressed in the form of a declaration or another clearly affirming action, with which the data subject indicates that he or she consents to the processing of the personalized data about his or her person;
XI. Rights of the Data Subjects
According to the GDPR, the user is entitled in particular to the following data subject rights:
1. Right to information (Article 15 of the GDPR)
You have the right to request information about whether or not we process personalized data pertaining to you. If personalized data pertaining to you are processed by our company, you are entitled to information about
- the purposes of processing;
- the categories of personalized data (kinds of data) that are processed;
- the recipients or categories of recipients to whom your data were disclosed or are to be disclosed; this is the case especially when data were disclosed or are to be disclosed to recipients in third countries outside the purview of the GDPR;
- the planned duration of storage, to the extent this is possible; if the duration of storage cannot be given, in any case the criteria for determining the duration of storage (e.g. legal retention periods or the like) must be communicated;
- Your right to rectification and erasure of the data pertaining to you, including the right to restrict processing and/or the right to revoke consent (on this, see also the subsequent clauses);
- the existence of the right to lodge an appeal with a supervisory authority; . the source of the data, if the personalized data were not collected from you directly.
Further, you are entitled to information about whether your personalized data are the object of automated decisions in the sense of Article 22 of the GDPR, and, if this is the case, which decision criteria are the basis for such an automated decision (logic) or what the effects and consequences the automated decision can have for you.
If personalized data are transmitted to a third country outside the purview of the GDPR, you are entitled to information about whether, and if so, on the basis of which guarantees an adequate level of protection is ensured by the data recipient in the third country in accordance with Articles 45 and 46 of the GDPR.
You have the right to request a copy of your personalized data. We always provide copies of data in electronic form unless you request otherwise. The first copy is free of charge; for additional copies, reasonable compensation can be requested. The copy is provided subject to the rights and freedoms of other persons that can be compromised through the transmission of the copied data.
2. Right to Rectification (Article 16 of the GDPR)
You have the right to request that we rectify your data, should these be incorrect, inaccurate and/or incomplete; the right to rectification includes the right to complete your data by adding supplementary clarifications or information. A rectification and/or supplement must take place immediately – that is, without undue delay.
3. Right to Erasure (Article 17 of the GDPR)
You have the right to request that we erase your personalized data, insofar as
- the personalized data are no longer required for the purposes for which they were collected and processed;
- data processing takes place on the basis of consent you granted and you have rescinded your consent, insofar as there is no other legal basis for data processing;
- You entered an objection to data processing in accordance with Article 21 of the GDPR and there are no overriding reasons for further processing;
- You entered an objection to data processing for the purpose of direct advertising in accordance with Article 21(2) of the GDPR;
- Your personalized data were processed illegally;
- the data in question concern a child, and were collected in relation to information society services in accordance with Article 8(1) of the GDPR.
There is no right to the erasure of personalized data insofar as
- the rights to freedom of expression and to knowledge are in conflict with the request for erasure;
- the processing of personalized data (i) in order to fulfill a legal obligation (e.g. legal retention periods), (ii) in order to fulfill public duties and interests in accordance with EU law and/or the law of the member states (this also includes interests in the area of public health) or (iii) for the purposes of archiving or research;
- the personalized data are required for the assertion, exercise or defense of legal claims.
The erasure must take place immediately – that is, without undue delay. If personalized data have been made public by us (e.g. in the internet), we are responsible, in the framework of what is technically possible and reasonable, for informing third-party processors about the erasure request, including the deletion of links, copies and or replicates.
4. Right to Restriction of Processing (Article 18 of the GDPR)
You have the right to have the processing of your personalized data restricted in the following cases:
- If you have contested the accuracy of your personalized data, you can request that your data not be used for other purposes for the duration of the accuracy check and insofar restricted.
- In the case of illegal data processing you can request the restriction of data use in accordance with Article 18 of the GDPR rather than data erasure according to Article 17(1d) of the GDPR.
- If you need your personalized data for the assertion, exercise or defense of legal claims, but your personalized data are otherwise no longer required, you can request that we restrict processing to the above mentioned purpose of legal proceedings.
- If you entered an objection to data processing in accordance with Article 21(1) of the GDPR and it has not yet been decided whether our interests in processing override your interests, you can request that your data not be used for other purposes for duration of the review and insofar be restricted.
5. Right to Data Portability (Article 20 of the GDPR)
Subject to the following provisions, you have the right to receive the data pertaining to you in a commonly used, machine-readable format. The right to data portability includes the right to transmission of the data to another controller; upon request we will thus – insofar as it is technically possible – transmit data directly to a controller you specify or will specify in the future. The right to data portability applies only for the data provided by you and assumes that the data are processed on the basis of consent or for performance of a contract, and is executed using automated methods. The right to data portability in accordance with Article 20 of the GDPR does not affect the right to data erasure in accorance with Article 17 of the GDPR. The data are transmitted subject to the rights and freedoms of other persons that can be compromised through the data transmission.
6. Right to Object (Article 21 of the GDPR)
In the case of processing of personalized data in order to fulfill a task carried out in the public interest (Article 6[1e] of the GDPR) or for the purpose of pursuing legitimate interests (Article 6[1f] of the GDPR), you can object prospectively to the processing of personalized data pertaining to you at any time. In the case of an objection we have to refrain from any further processing of your data for the above mentioned reasons, unless
- there are compelling and legitimate reasons for processing which override your interests, rights and freedoms, or
- the processing is required for the assertion, exercise or defense of legal claims.
You can object prospectively to the use of your data for the purpose of direct advertising at any time; this is also true for any profiling associated with the direct advertising. In the case of an objection we have to refrain from any further processing of your data for the purpose of direct advertising.
7. Legal Protections / Right to Petition a Supervisory Authority
In the case of complaints you can address the responsible supervisory authority of the EU or the member states at any time. The supervisory authority named in (II) is reponsible for our company.
B. Legal Notice
AVM Computersysteme Vertriebs GmbH continually checks and updates the information provided on these web pages. Despite our most diligent efforts it can occur that data presented here have changed in the mean time. Therefore AVM cannot guarantee that the information made available here is accurate, complete or up to date. No liability is assumed for damages that arise directly or indirectly from the use of these web pages, unless they are attributable to intent or gross negligence, or if liability is stipulated by compulsory statutory regulations.
© AVM GmbH, Berlin, Germany. All rights reserved.
Texts, images, graphics, sounds, animations or videos, and their arrangement on these web pages, are subject to worldwide copyright laws and other protective legislation. Unauthorized use, reproduction or transmission of individual contents or complete pages can be prosecuted by under both civil and criminal law. AVM emphasizes that some of the images included on these web pages are copyrighted by third parties. All addresses on AVM's web pages are published for the exclusive purpose of providing information. No commercial use by third parties is permitted.
Unless otherwise indicated, all trademarks mentioned on these web pages are legally protected trademarks owned by AVM GmbH, especially product names and logos. Microsoft, Windows and the Windows logo are trademarks owned by Microsoft Corporation in the USA and/or other countries. Android is a trademark of Google, Inc. Bluetooth is a trademark of Bluetooth SIG, Incorporated and licensed to AVM GmbH. All other products and company names are trademarks of their respective owners.
Note on technical IP rights with standard relevance
To the extent that our products are directly or indirectly using technical IP rights, which teachings are a mandatory or optional part of an international technical standard – e.g. in the field of telecommunication – we herewith explicitly declare our willingness to accept a license offer based on fair, reasonable and non-discriminatory conditions, unless the acts of use committed by us and/or our customers are already covered by a license agreement of one of our suppliers or otherwise and no rights were exhausted.
According to general law, as the content provider for its own contents, AVM is responsible for the contents provided for use. These own contents are to be distinguished from the links to contents made available by other providers. The link is a way for AVM to make "foreign contents" available for use. AVM is responsible for these contents only if AVM has positive knowledge of them (i.e. and of any unlawful or criminal content) and if it is technically possible and reasonable to expect AVM to prevent their use.
The links, however, always constitute "living" (dynamic) references. AVM checked the foreign content the first time it was linked, in order to clear the company of any possible civil or criminal liability. However, according to law AVM is not obligated to constantly check the contents to which it provides links on its web pages for changes that could provide a new basis for liability. Should AVM discover, or be informed by others, that a concrete web page to which AVM provided a link entails civil or criminal liability, then it will remove the link, insofar as it is technically possible and reasonable to do so.
AVM reserves the right at any time to change the information provided, in part or in full, or to add to it or remove it.