The website of the PACTware Consortium e.V. collects a range of general data and information each time the website is accessed by a Data Subject or an automated system. This general data and information is stored in the log files of the server. Data and information collected includes (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the internet page from which an accessing system reaches our internet page ("referrer"), (4) the sub-web pages that are accessed on our internet page via an accessing system, (5) the date and time the internet site is accessed, (6) an internet protocol address (IP address), (7) the internet Service Provider for the accessing system, and (8) other similar data and information used to protect against threats to our information technology systems.

When using this general data and information, the PACTware Consortium e.V. draws no conclusions about the Data Subject. This information is required for (1) delivering the content of our website correctly, (2) optimizing the content of our website and the advertising for our website, (3) ensuring the long-term functionality of our information technology systems and the technology of our website, and (4) providing law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This anonymous data and information is therefore evaluated by the PACTware Consortium e.V. statistically and with the additional aim of increasing the data protection and data security within our company to ensure an optimal level of protection for personal data processed by us. The anonymous data in the server log files is stored separately from all personal data submitted by a Data Subject.

Due to legal regulations, the website of PACTware Consortium e.V. contains information that allows quick electronic contact with our company as well as direct communication with us, which includes a general address for electronic mail (email address). If a Data Subject contacts the Data Controller by email or via a contact form, personal data transmitted by the Data Subject will be automatically saved. Such personal data transmitted voluntarily by a Data Subject to the Data Controller will be stored for the purpose of processing or contacting the Data Subject. This personal data will not be passed on to Third Parties.

The Data Controller processes and stores personal data from a Data Subject only for the period necessary to fulfill the purpose for which the information was saved, or if this is prescribed by the European legislator and regulator, or by another legislator in laws or regulations that apply to the Data Controller.If the purpose for which the information was saved no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, personal data is routinely locked or deleted in accordance with statutory regulations.

A) Right of Confirmation

The European legislator and regulator grants any Data Subject the right to request the Data Controller to confirm whether or not personal data relating to the Data Subject is being processed. If a Data Subject wishes to exercise this right of confirmation, they may contact an employee of the Data Controller at any time.

B) Right to Information

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to obtain at any time and free of charge information from the Data Controller about the personal data stored about their person, and a copy of that information. Furthermore, the European legislator and regulator must provide the Data Subject with the following information:

• Processing purpose
• Categories of personal data that are processed
• The Recipients or categories of Recipients to whom the personal data has been disclosed or is being disclosed, in particular Recipients in third countries or international organizations
• If possible, the planned duration for which the personal data will be retained or, if not possible, the criteria for determining this duration
• The existence of a right to correct or delete personal data concerning them or to restrict the processing of such data by the Responsible Party, or a right to object to such processing
• The existence of a right of appeal to a supervisory authority
• If the personal data was not collected from the Data Subject: all available information about the origin of the data
• The existence of an automated decision-making process, including profiling in accordance with Article 22, Paragraphs 1 and 4 of the GDPR and—at least in these cases—meaningful information relating to the logic involved, and the scope and intended impact of such processing on the Data Subject

The Data Subject is entitled to information on whether personal data has been transferred to a third country or to an international organization. If this is the case, the Data Subject is also entitled to information about the appropriate guarantees in connection with the transmission.

If a Data Subject wishes to exercise this right of access, they may contact an employee of the Data Controller at any time.

C) Right to Correction

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to demand the immediate correction of incorrect personal data relating to the Data Subject. Furthermore, the Data Subject has the right to request the completion of incomplete personal data—including via a supplementary declaration—taking into account the purposes of processing.

If a Data Subject wishes to exercise this right of amendment, they may contact an employee of the Data Controller at any time.

D) Right to Deletion (Right to Be Forgotten)

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to demand that the Responsible Party deletes personal data relating to the Data Subject immediately, provided that one of the following is true and that processing is not necessary:

• Personal data was collected for such purposes or processed in other ways for which it is no longer necessary.
• The Data Subject revokes consent for processing in accordance with Article 6, Paragraph 1, Item a of the GDPR and Article 9, Paragraph 2, Item a of the GDPR, and there is no other legal basis for processing.
• The Data Subject submits an objection to processing in accordance with Article 21, Paragraph 1 of the GDPR, and there are no legitimate superseding reasons for processing, or the Data Subject submits an objection in accordance with Article 21, Paragraph 2 of the GDPR.
• The personal data was processed illegally.
• Personal data must be deleted to fulfill a legal obligation under European Union law or the law of the Member States to which the Responsible Party is subject.
• Personal data was collected in relation to the offer of information society services in accordance with Article 8, Paragraph 1 of the GDPR.

If one of the above reasons applies and a Data Subject wishes to have personal data stored by the PACTware Consortium e.V. deleted, they can contact an employee of the Data Controller at any time. The PACTware Consortium e.V. employee will arrange for the deletion request to be fulfilled immediately.

If the personal data was made public by the PACTware Consortium e.V. and if our company is responsible for deleting personal data in accordance with Article 17, Paragraph 1 of the GDPR, the PACTware Consortium e.V. will take the appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other Data Controllers which process the published personal data that the Data Subject has requested the deletion of all links to this personal data, or the deletion of copies or reproductions of this personal data by these other Data Controllers, provided that the processing is not necessary. The PACTware Consortium e.V. employee will arrange the necessary measures in individual cases.

E) Right to Restrict Processing

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to demand that the Responsible Party restricts the processing of such data if one of the following conditions is met:

• The accuracy of the personal data is disputed by the Data Subject and for a period of time that enables the Responsible Party to check the accuracy of the personal data.
• The processing is illegal, the Data Subject declines deletion of the personal data and instead requests that the usage of the personal data be restricted.
• The Responsible Party no longer needs the personal data for processing purposes, but the Data Subject requires it to assert, exercise, or defend legal claims.
• The Data Subject has objected to the processing in accordance with Article 21, Paragraph 1 of the GDPR, and it is not yet clear whether the justified reasons of the Responsible Party outweigh those of the Data Subject.

If one of the above conditions applies and a Data Subject would like to request that personal data stored by the PACTware Consortium e.V. be restricted, they can contact an employee of the Data Controller at any time. The PACTware Consortium e.V. employee will arrange the processing restriction.

F) Right to Data Portability

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to obtain in a structured, common, and machine-readable format personal data relating to the Data Subject that has been provided by the Data Subject to the Responsible Party. The Data Subject also has the right to transmit this data to another Responsible Party without hindrance by the Responsible Party to whom the personal data was provided, provided that the processing is carried out with consent in accordance with Article 6, Paragraph 1, Item a of the GDPR or Article 9, Paragraph 2, Item a of the GDPR, or with a contract in accordance with Article 6, Paragraph 1, Item b of the GDPR and processing is carried out using automated procedures, provided that processing is not necessary for the performance of a task which is in the public interest or the exercise of public authority that has been entrusted to the Responsible Party.

When exercising their right to data portability, the Data Subject also has the right in accordance with Article 20, Paragraph 1 of the GDPR to ensure that personal data is transmitted directly from one Responsible Party to another, provided that this is technically feasible and that this does not affect the rights and freedoms of other persons.

The Data Subject can contact an employee of the PACTware Consortium e.V. at any time to assert their right to data portability.

G) Right of Objection

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to object to the processing of personal data relating to the Data Subject at any time for reasons related to the specific situation of the Data Subject on the basis of Article 6, Paragraph 1, Items e or f of the GDPR. This also applies to profiling based on these provisions.

The PACTware Consortium e.V. no longer processes personal data in the event of an objection, unless we can provide compelling reasons for the processing that outweigh the interests, rights, and freedoms of the Data Subject, or the processing serves to assert, exercise, or defend legal claims.

If the PACTware Consortium e.V. processes personal data to conduct direct advertising campaigns, the Data Subject has the right to object at any time against the processing of personal data for the purpose of such advertising. This also applies to profiling, provided it is related to such advertising. If the Data Subject objects to the PACTware Consortium e.V. processing their data for purposes of a direct advertising campaign, the PACTware Consortium e.V. will no longer process the personal data for these purposes.

In addition, the Data Subject has the right, for reasons arising from their particular situation, to object to the processing of their personal data undertaken by the PACTware Consortium e.V. for scientific or historical research purposes or for statistical purposes in accordance with Article 89, Paragraph 1 of the GDPR, unless such processing is necessary to fulfill a task in the public interest.

To exercise the right to objection, the Data Subject may directly contact the board of directors of the PACTware Consortium e.V. or another employee. The Data Subject is also free to exercise their right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, with automated procedures using technical specifications.

H) Automated Decisions in Individual Cases Including Profiling

The European legislator and regulator grants any Data Subject whose personal data is being processed the right not to be subject to a decision based solely on automated processing—including profiling—that has legal effects or affects them in a similar manner provided that the decision (1) is not necessary for the conclusion or fulfillment of a contract between the Data Subject and the Responsible Party, or (2) is permitted by European Union law or the laws of the Member States to which the Responsible Party is subject, and that this law contains appropriate measures to protect the rights and freedoms and the legitimate interests of the Data Subject, or (3) takes place with the express consent of the Data Subject.

If the decision (1) is necessary for the conclusion or fulfillment of a contract between the Data Subject and the Responsible Party, or (2) is made with the express consent of the Data Subject, the PACTware Consortium e.V. will take the appropriate measures to protect the rights and freedoms and the legitimate interests of the Data Subject, including at least the right to have a person intervene on behalf of the Responsible Party to present their position and to challenge the decision.

If the Data Subject wishes to assert rights with regard to automated decisions, they may contact an employee of the Data Controller at any time.

I) Right to Revoke Consent under Data Protection Law

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to revoke consent to the processing of personal data at any time.If the Data Subject wishes to assert their right to revoke consent, they may contact an employee of the Data Controller at any time.

The Data Controller has integrated components of YouTube on this website. YouTube is an internet video portal that allows video publishers to post video clips and for other users to view, rate and comment on these videos for free. YouTube allows the publication of all kinds of videos. As a result, entire film and TV programs, as well as music videos, trailers, and user-made videos can be accessed via the internet portal.

YouTube's operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Each time a user accesses one of the individual pages of this website, which is operated by the Data Controller and into which a YouTube component (YouTube video) has been integrated, the internet browser on the Data Subject's information technology system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. For more information about YouTube, visit www.youtube.com/yt/about/. As part of this technical process, YouTube and Google will receive information regarding the specific subpage of our website being visited by the Data Subject.

If the Data Subject is logged into YouTube at the same time, YouTube will recognize which specific subpage of our website is being visited by the Data Subject when the subpage containing a YouTube video is accessed. This information is collected by YouTube and Google and is assigned to the respective YouTube account of the Data Subject.

YouTube and Google receive information via the YouTube component that the Data Subject has visited our website whenever the Data Subject is simultaneously logged into YouTube when accessing our website, regardless of whether or not the Data Subject clicks on a YouTube video. If the Data Subject does not wish to transmit such information to YouTube and Google, they may prevent transmission by logging out of their YouTube account before accessing our website.The data protection regulations published by YouTube can be found at https://policies.google.com/privacy and provide information about the collection, processing, and use of personal data by YouTube and Google.

Article 6, Paragraph 1, Item a of the GDPR serves as the legal basis for our company's processing operations, for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract of which the Data Subject is a party, such as in the case of processing operations necessary for the supply of goods or the provision of any other service or return service, processing shall be based on Article 6, Paragraph 1, Item b of the GDPR. The same shall apply for processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries concerning our products or services. If our company is subject to a legal obligation for which processing of personal data is required, such as for the fulfillment of tax obligations, processing is based on Article 6, Paragraph 1, Item c of the GDPR. In rare cases, the processing of personal data may be necessary to protect vital interests of the Data Subject or of another natural person. This would be the case, for example, if a visitor to our facility was injured and it was necessary to pass their name, age, health insurance data, or other vital information on to a doctor, hospital, or other third party. In this case, processing would be based on Article 6, Paragraph 1, Item d of the GDPR. Ultimately, processing operations may be handled based on Article 6, Paragraph 1, Item f of the GDPR. Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to safeguard the legitimate interest of our company or a third party, unless these are outweighed by the interests, fundamental rights, and fundamental freedoms of the Data Subject. We are permitted to carry out such processing operations in particular, because they have been specifically mentioned by the European legislator. In this respect, the European legislator considers that a legitimate interest can be assumed if the Data Subject is a customer of the Responsible Party (Recital 47, Sentence 2 of the GDPR).

If the processing of personal data is based on Article 6, Paragraph 1, Item f of the GDPR, our legitimate interest is to conduct our business for the benefit of all our employees and shareholders.

The criterion for the duration of the storage of personal data is the respective legal retention period. After expiration of this period, the relevant data will be routinely deleted, provided that it is no longer required for fulfilling or initiating contracts.

We will inform you if the provision of personal data is in part required by law (e.g., tax regulations) or is resulting from contractual regulations (e.g., information about the contractual partner). It may sometimes be necessary for a contract to be concluded that requires a Data Subject to provide us with personal data, which must subsequently be processed by us. For example, the Data Subject is obliged to provide us with personal data when our company enters into a contract with them. Failure to provide the personal data would result in the contract with the Data Subject not being concluded. Before providing personal data, the Data Subject must contact one of our employees. Our employee will inform the Data Subject on a case-by-case basis whether the provision of personal data is required by law or by contract, whether there is an obligation to provide the personal data and what consequences non-provision of the personal data would have.

As a responsible company, we do not require automatic decision-making or profiling.

This data protection declaration was prepared using the Privacy Policy Generator from DGD Deutsche Gesellschaft für Datenschutz GmbH, acting as External Data Protection Officer Hof, in cooperation with Lawyer for Data Protection Law Christian Solmecke.