Privacy Statement

Valid: 30 August 2020

This Privacy Statement will inform you about the type, the scope of and the purposes for the collection and use of personal data on this website.

The controller is the COMATCH GmbH, Stromstraße 15, 10551 Berlin, Germany, registered at the Charlottenburg Local Court under HRB 162116 B, represented by the managing directors Dr. Christoph Hardt and Dr. Jan Schächtele (“we/us/our”) as the operator of an online platform at www.comatch.com and its related services (“COMATCH” or “website”).

Should you have any questions about privacy protection, feel free to contact us at any time by telephone at +49-(0) 30-40365690 (during regular business hours, Monday to Friday from 9am to 6pm) and by email at info@comatch.com.

In addition, we have appointed Prof. Thomas Jäschke of the DATATREE AG, Heubestraße 10, 40597 Düsseldorf, Germany, as our external data protection officer who can be contacted by telephone at +49-(0)211-93190798 (during regular business hours, Monday to Friday from 9 AM to 6 PM) and by email at dsb@datatree.eu.

A. What is personal data?
B. What personal data is collected when using COMATCH’s services?
C. How is the collected data used, disclosed and, if applicable, transferred to third parties?
D. What cookies, services, offers, and third-party web tools are used?
E. Is data transferred to countries outside of the EU?
F. Your rights: Access, withdrawal, changes, rectification and updates, erasure, restriction of processing, data portability, and the right to object
G. Data protection and applicability
H. Privacy statement applicability and changes

A. What is personal data?

Personal data is defined as information through which a person may be identified, i.e., that can be traced to a specific person. This includes one’s name, email address, and telephone number, but also data on one’s preferences, hobbies, memberships, or viewed websites.

We only collect, use or transfer personal data provided to us if permitted by law or if users consent to the data collection.

B. What personal data is collected when using COMATCH’s services?

Data collected when visiting our website

We (respectively the web space provider) collect data on every visit to our website (so-called server log files) (“access data“). Access data includes:

Name of the visited website, the file, the time and date of the visit, the amount of data transmitted, a report of successful access, your browser type and version, your operating system, the referrer URL (last visited page), IP address and the requesting provider and when using a mobile device, additionally:
Country code, language, device name, operating system name and version

We will use these access data for statistical evaluations for the operation, safety and optimization of COMATCH offers. However, we reserve the right to subsequently review access data if specific indications create justified suspicions of unlawful use. We process data on the basis of Art. 6(1) Letter c of the General Data Protection Regulation (GDPR) and Art. 6(1) Letter f of the GDPR and pursue our (and our commissioned third parties’) legitimate interests in quality assurance.

Data collected when contacting us

When contacting us (e.g., by email), your data will be saved to process your inquiry and for any subsequent questions. Furthermore, we will process your personal data to establish and maintain business contacts, and to acquire new clients. This will be done on the basis of your consent based on Art. 6(1) Letter a of the GDPR, to execute your request based on Art. 6(1) Letter b of the GDPR or based on our legitimate interest in client acquisition.

Data collected during registration

When registering on our website, the email address and password you enter will be saved. In the following registration steps, any personal data you disclose as part of the registration process will be collected and saved, e.g., “user information”, such as your name, address, telephone number, email address or gender

In addition, when registering as a consultant, “profile data” will be collected:

Date of birth and other non-public personal data on your training and professional experience

Furthermore, when creating a consultant user profile, additional optional data, such as willingness to travel and work preferences, may be collected and saved which the user may review, change or delete at any time in the user profile.

During each registration step, you will be asked if you would like to save the data you have entered. If you agree, your data will be saved. You may cancel this process without this data being deleted, allowing you to continue your registration at a later time without having to re-enter that data. If you do not agree, the data you entered will not be saved. If you do not complete the registration process, your data will be erased after 6 months. If you complete the process, your data will be saved until you withdraw your consent or in compliance with legal storage obligations (see also F. Your rights).

User data collected as part of the registration and other profile data will be used in the operation of COMATCH and the provision of its services and those of the website www.comatch.com. Any user information and profile data collected by us will only be used by us insofar as doing so is specified by us in our consultant terms and/or this Privacy Statement. This is done on the legal basis of Art. 6(1) Letter b of the GDPR or, if data is provided voluntarily, the user’s consent (Art. 6(1) Letter a of the GDPR).

The services provided by us after successful registration are not offered to persons under 18 years of age. Therefore, no personal information on visitors younger than 18 years of age is intentionally collected during registration.

Consultant payment data

After registration and for the purpose of payment processing to consultants, we will collect the following “payment data”Bank account number/Bank sort code or IBAN, BIC, account holder’s name, tax number

This payment data will only be collected, saved and used by us for billing and payment transactions of fees to which consultant users are entitled in accordance with the regulations of the contract between COMATCH and the consultant. The user may review, change or delete this data on his user profile at any time. This is done on the legal basis of Art. 6(1) Letter b of the General Data Protection Regulation.

C. How is the collected data used, disclosed and, if applicable, transferred to third parties?

Use of your data

Generally, data that you provide to us will either be used to allow us to perform our services, to answer your questions or to help us provide a better service for you. We use your data and information, among other things, for the following purposes:

  • easier creation and security of your account;
  • recognition as a user by our system;
  • improvement of our website and services;
  • internal research and development purposes as part of existing contractual relationships with COMATCH;
  • client-specific design to meet your preferences;
  • prevention of re-registration by blocked users;
  • performance of the services requested by you;
  • sending your profile to a client after receiving your permission;
  • sending a welcome email to ascertain that the email address used to register the account is yours;
  • sending administrative email notifications and security, support or maintenance emails;
  • answering your requests and questions;
  • occasional telephone conversations with you for secondary fraud protection or to obtain feedback from you
  • sending emails to registered users with contents related to our services, insofar as the user does not object.

This is done on the legal basis of Art. 6(1) Letter b of the GDPR or on the basis of our legitimate interests in quality assurance and marketing under Art. 6(1) Letter f of the GDPR.

Disclosure and transmission of your data to third parties

We will only disclose your data and user information on the website or to third parties as described hereafter or subsequently in this Privacy Statement.

Links to social networks

If you (i) log in to our service using the log-in data of a social network (such as LinkedIn or XING) and/or (ii) link your account to your social network account, we may obtain information about you from the website of the social network in accordance with the usage terms and the privacy policy (“SNS terms”) of the social network. This information consists of the data that can be viewed on your user profile on the respective social network (i.e., your name, professional experience and expertise, etc.) that is transmitted to us after you provide your approval.

We may add this information to the data that we have already collected about you. This information will be saved and used by us to provide our offers and services. This data processing is performed on the basis of your consent (Art. 6(1) Letter b of the GDPR) or on the basis of a contract with us (Art. 6(1) Letter b of the GDPR).

LinkedIn’s Privacy Policy can be found at: https://www.linkedin.com/legal/privacy-policy
XING’s Privacy Policy can be found at: https://privacy.xing.com/en/your-privacy

Other processing, disclosure and profiling

The legal basis for data processing when using our offer is generally Art. 6(1) Letter b of the GDPR, i.e., data is processed because it is required for the performance of a contract between us or to implement pre-contractual measures following your inquiry.

Furthermore, Art. 6(1) Letter a of the GDPR provides the legal basis for the processing of data for certain purposes to which the data subject grants his or her prior consent.

Your data may be processed on the basis of Art. 6(1) Letter c of the GDPR if processing is required for the fulfillment of legal obligations to which we or other controller are subject or on the basis of Art. 6(1) Letter e of the GDPR if processing is required for the performance of a task in the public interest, the responsibility of which has been transferred to us or respectively to the controller.

In addition, if data is collected when visiting our website or if data is transmitted to our shareholders or external service providers, the legal basis for processing is Art. 6(1) Letter f of the GDPR if processing is necessary to safeguard our or a third party’s legitimate interests and if these legitimate interests are not outweighed by your interests or basic rights that require the protection of your personal data. Legitimate interests are present, e.g., if there is a relevant and appropriate relationship between you (or the data subject) and us (or the controller), such as when you are our client or consultant.

Your data may be transferred to service providers who have been contracted for data processing, e.g., to print shops for sending print mailings, the newsletter service provider Mailchimp to distribute our newsletter or IT service providers to provide our website, server services and the database. Data processing agreements are concluded with service providers who are not subject to the US-EU Privacy Shield agreement.

Furthermore, please note the respective processing descriptions laid out in this Privacy Statement.

No “profiling”, i.e., automated decision-making, will be performed when using our offer. However, third-party providers featured by us may perform such profiling in individual cases. Profiling is performed on the legal basis of Art. 22 of the GDPR and is permitted for the conclusion or performance of a contract or on the basis of legal regulations.
Please especially note that use of Google, XING and LinkedIn through respective accounts may lead to automated decision-making (“profiling”). On XING and LinkedIn, these settings may be managed on your account network. When using Google, you may object to profiling by activating the following link: https://adssettings.google.com/authenticated.

Personal reviews will only be performed in special cases, e.g., if you take on projects for bank/financial service clients subject to special legal regulations. In such cases, you will be informed in advance and you will be asked for your consent before performing such a review.

Our clients may also review the consulting services of individual consultants. You can view these reviews on your consultant profile. These reviews are performed on the basis of our legitimate interest (quality assurance control, i.e., recruitment of reliable and qualified consultants). Please inform yourself about your rights to access, withdrawal, changes, rectification, erasure and restriction of processing under F.

D. What cookies, services, offers and third-party web tools are used?

Cookies

Cookies are small files that allow information related to the access device of the user (PC, smartphone, etc.) to be saved on the device. They ensure user-friendliness of websites for you (e.g., by saving log-in data). They also allow statistical data on website usage to be collected so that it can be analyzed by COMATCH to offer improvement.

Objection:

You can control the use of cookies. Most browsers have an option to restrict or prevent cookies from being saved. However, please note that usage, especially comfort of use, will be limited without cookies.

When you visit COMATCH, so-called session cookies will be created that will be automatically deleted from the user’s computer’s memory after you close your browser window. Session cookies are needed to assign successive access to the site to users accessing COMATCH at the same time.

Additionally, COMATCH uses the following cookies:

NameLife timePurpose
SessionResumeToken1 yearIdentifies users when re-sending verification e-mail while not logged in
lastUserAgentInfo_unlimitedDetects when user accesses the application with different browser than last time
pricingToolDisabled1 yearDisables the Pricing Tool, which allows users to get insights into daily rates of independent consultants, after usage limit is reached. Tool is then blocked and a login is required.
langunlimitedStores the preferred user interface language of the use
crc1 yearIdentifies if you have accessed the COMATCH website in response to a marketing campaign. The campaign´s identifier (the end of the URL you used to access COMATCH) is saved in this cookie.
UTM-info100 days
useOfCookiesAgreedunlimitedThis cookie saves the information that you have been informed about the usage of cookies on our website / platform through the cookie banner.

You may manage online company ad cookies through the US website http://www.aboutads.info/choices/
or the EU website http://www.youronlinechoices.com/uk/your-ad-choices/.

General third-party websites

By clicking on a link to another website or location, you will leave our website and navigate to another website; in this case, your personal information or anonymous data may be collected by another provider. We do not monitor or review these external websites or their contents and shall not be liable for them or their contents. Please note that the regulations of these privacy protection guidelines do not apply to these external websites, their contents or to any data collected after you click on links to such external websites.

Google (Universal) Analytics

COMATCH uses “Google Analytics,” a web analysis service provided by Google Ireland Limited (“Google”), a company registered and operated under Irish law (Register Number: 368047) and based at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics uses so-called “cookies,” text files saved onto your device and that allow us to analyze how COMATCH is used. The information on your use of COMATCH, e.g., your browser type/version, operating system, referrer URL (the last visited website), hostname of the accessing computer (IP address), time of the server request when using the website generated by the cookie is generally transmitted to a Google server in the US where it is saved. However, due to the activation of IP anonymization on COMATCH, IP addresses will be shortened by Google within member states of the European Union or in other states party to the European Economic Area Agreement. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there.
IP anonymization is activated on COMATCH. On behalf of COMATCH, Google will leverage this information to assess the use of COMATCH by its users, compile reports about website activity and to provide additional services related to COMATCH offers. If IP anonymization is not activated, data will be processed on the legal basis of Art. 6(1) Letter f of the GDPR whereby we will pursue our legitimate interests (or those of third parties commissioned by us) in quality assurance or statistical analyses of user behavior.

Your browser’s IP address that is transmitted through Google Analytics will not be merged with other Google data. You can prevent cookie storage through their browser settings. However, please note that this may prevent you from using all COMATCH functions.

For registered users, Universal Analytics of Google is used additionally. Universal Analytics enables information about the use of the COMATCH platform on various devices (“cross device”) to be obtained. Using cookies (small text files, see also “Google Analytics”), a pseudonymized user ID will be created and applied. This does not include additional personal data, e.g., your name or email address, and is not transferred to Google as such. This data processing is performed on the basis of our legitimate interests in optimizing the use of our website on various devices, assuring quality and assessing user behavior statistically.

Objection to Google Analytics: Furthermore, you can prevent the collection of cookie-generated data (including your IP address) on your use of the website and the processing of this data by Google by downloading and installing the browser plugin provided under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

Objection to Universal Analytics: You may object to the collection of your data by Universal Analytics at any time for the future by disabling cross-device user analysis on your user account. For more information about Universal Analytics, please see:
https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376.

For more information, please see Google’s Privacy Policy: https://policies.google.com/privacy

Google Tag Manager

Our website uses the Google Tag Manager of Google Ireland Limited (“Google”). Google Tag Manager provides a surface for managing website tags. Tags are small code elements on your website for measuring user behavior, determining the effects of online advertisements and social channels, using remarketing and focusing on and testing, and optimizing our website for our target groups. The Tag Manager tool (implemented in the tags) is a cookie-free domain. This tool activates other tags that may collect data. Google Tag Manager does not access this data. In case of deactivation on the domain or cookie level, the deactivation will remain in place for all tracking tags implemented through Google Tag Manager. Data will not be provided to other Google products without your consent.

Whenever personal data is processed, processing will be performed on the legal basis of Art. 6(1) Letter f of the GDPR, whereby we will pursue our legitimate interests (or those of third parties commissioned by us) in quality assurance or statistical analyses of user behavior.
For more information, please see Google Site Stats: http://services.google.com/sitestats/en.html

Outbrain

To advertise for our website on publisher pages, we use technology from the UK-based provider Outbrain. When using this service, cookies from Outbrain will be installed to draw attention to additional contents on our website or on third-party websites on the basis of anonymized data. This selection of recommendations displayed to the user in the widget is based on contents viewed recently by the user. The displayed contents are provided technically by Outbrain. For this, Outbrain collects the following data: Device source, browser type and the user’s pseudonymized IP address. To anonymize the IP address, the last octet of the IP address is removed to prevent inferences to individual users. COMATCH does not process personal data when using Outbrain.

For more information, please see Outbrain’s Privacy Policy: http://www.outbrain.com/de/legal/. You may object to this tracking for displaying interest-based recommendations at any time. For more information, please see the section “Outbrain User Types” (including deactivation and opt out options) in Outbrain’s Privacy Policy: https://www.outbrain.com/de/legal/privacy.

Hotjar

Our website uses Hotjar. Hotjar is a web analysis service of Hotjar Limited (Level 2, St. Julian’s Business Centre 3, Elia Zammit Street, St. Julian’s STJ 1000, Malta).

Hotjar enables us to protocol and assess user behavior, especially your mouse behavior (movements, clicks), on our website. Your visit to our website will be anonymized. Furthermore, only information on your operating system Internet browser, incoming or outgoing references (so-called links), your geographic location and your device will be assessed and used for statistical purposes.

You may stop the analysis of your user behavior at any time using the so-called opt-out. By confirming the link: https://hotjar.com/opt-out,

A cookie that immediately prevents further analysis will be saved in your browser. Please note that you must confirm the above link again if you delete cookies saved on your device.

The use of Hotjar is performed on the legal basis of Art. 6(1) Letter f GDPR. This service allows us to analyze user behavior on our website, to enable us to assess and optimize our operations, and to adjust our web presence to our users’ interests.

LinkedIn Insight Tag

Our website uses the LinkedIn Insight Tag of the LinkedIn Corporation (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA or LinkedIn Ireland, Wilton Place, Dublin 2, Ireland) and the related conversion tracking technology and retargeting function. The LinkedIn Insight Tag is a JavaScript code snippet. Visitors’ URLs, referrer URLs, IP addresses, devices and browser characteristics, timestamps and page views are saved by this code. This data is anonymized in encrypted form within 7 days. The anonymized data will be erased within 90 days. We do not receive personal data from LinkedIn and can only view report summaries on our website’s target groups and advertisement performance. If you are logged into your LinkedIn account during an online session, LinkedIn will assign your visit to our website to your user account. In addition, the use of this tag allows visitors to our website to be retargeted. Retargeting enables us to display advertisements to our website’s visitors outside of our website.

The legal basis for our use of the LinkedIn Insight Tag is our legitimate interest (Art. 6(1) Letter f GDPR) in measuring, analyzing and optimizing our website’s success based on the results.

For LinkedIn’s Privacy Policy, please see:
https://www.linkedin.com/legal/privacy-policy

For more in-depth information about the LinkedIn Insight Tag, please see especially:
https://www.linkedin.com/help/lms/answer/81849/das-insight-tag-von-linkedin-haufig-gestellte-fragen?lang=en.

LinkedIn is certified under the Privacy Shield agreement and therefore guarantees compliance with EU data protection laws.

You may disable the collection of your data by the LinkedIn Insight Tag using the following opt-out link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

If you have a LinkedIn account, click on “Reject on LinkedIn.” Other users, please click on “Reject.”

Links to social media

COMATCH is connected to various social networks, i.e., Facebook, Twitter, XING and LinkedIn, through links. Activating such buttons will forward you to the COMATCH page on the respective social network where data will only be processed by the servers of the respective social network.

COMATCH pages on social networks LinkedIn, Xing, Twitter and Facebook

COMATCH uses the social media platforms and services of the LinkedIn Corporation (Ireland, Wilton Place, Dublin 2, Ireland, XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland and Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). Social media presence helps COMATCH communicate with users and prospective clients and provide information about COMATCH’s offers and services.

When visiting our company presence on a social network, your IP address, as well as cookies, pixels and web beacons will provide the social network provider with personal information about you, your surf, user behavior, your interactions and your respective location. The social network provider will use this information to create a user profile. We cannot exclude the possibility that data saved in user profiles may be saved across devices and/or that your user profile may be linked to your data saved by the network.

The social network uses personal information collected about you in this way to compile statistics about its use and user structure to place interest-based advertisements inside and outside of the network. Furthermore, social network marketing models require social networks to transfer data on your user behavior to and to receive data on your surf/usage behavior from third parties (advertising partners) outside of the network.

These social networks provide anonymized statistical data to advertisers through their offers “Facebook Insights,” “LinkedIn Website Demographics” and “Twitter Analytics,” e.g., information about page views, activities, male/female ratios, professional positions, corporate divisions, etc. (see https://www.facebook.com/iq/tools-resources/audience-insightshttps://business.twitter.com/en/blog/7-useful-insights-Twitter-analytics.html or https://www.linkedin.com/help/lms/answer/82351). We have no influence on and cannot prevent the data processing performed for this purpose and are not granted access to underlying data.

We use these offers to better understand the structure and interests of users and to adjust our website accordingly. It also allows us and the social network providers to offer better advertisements, e.g., through information about the demographic or geographic distribution or gender of users. These statistics enable us to recognize user tendencies and display more relevant content.

When using Facebook, Twitter or LinkedIn, data will be transferred to the US. These providers are certified under the Privacy Shield agreement and are required to comply with EU data protection standards (https://www.privacyshield.gov/list).

Please note that, as the controller of a Facebook fan page, we are jointly responsible with Facebook for the processing of personal data of visitors to our page (see European Court of Justice Judgment on C-210/16, 5 June 2018). Facebook recognizes joint responsibility with controllers for Facebook Insights data and assumes primary responsibility, see:
https://www.facebook.com/legal/terms/page_controller_addendum.

Rights to access or user rights may be exercised most effectively against Facebook.

For more information about the collection and use of data and about your rights and privacy options, please see:
https://www.facebook.com/policy.php

For LinkedIn’s Privacy Policy, please see: https://www.linkedin.com/legal/privacy-policy

For Xing’s Privacy Policy, please see: https://privacy.xing.com/en

For Twitter’s Privacy Policy, please see: https://twitter.com/en/privacy

Please do not hesitate to contact us if you have any questions or need additional assistance.

E. Is data transferred to countries outside of the EU?

When using our offer, your data may be transferred to third countries, i.e., states outside of the EU, due to the featured third-party service providers.

Services on websites that process data outside of the EU

When using our website, data may be transferred outside of the EU through our website when visiting or using COMATCH. This applies to services of Google and the social media providers Facebook, Twitter and LinkedIn. The US companies that offer Google services are certified under the EU-US Privacy Shield agreement and therefore guarantee adherence to data protection in accordance with EU standards.

Other external providers who process data outside of the EU

If you registered on our website as a consultant or client, data will be transferred outside of the EU, e.g., to process client inquiries or internal communication, through the use of cloud and hosting services, CRM services or external service partners acting on our behalf and who support us with the performance of our business activities and with the providing of our website (legal basis: Art. 6(1) Letters b and f of the GDPR).

We use the newsletter tools Mailchimp and Hubspot to send you information by email. They are certified under the EU-US Privacy Shield agreement. In addition, we concluded a data processing addendum to ensure adherence to EU data protection regulations.

We use Hubspot as a CRM tool. EU standard contractual clauses have been concluded with Hubspot to ensure adherence to EU data protection regulations.

F. Your rights: Access, withdrawal, changes, rectification and updates, erasure, restriction of processing, data portability and the right to object

Withdrawal

You have the right to withdraw your consent for the future use, processing and transfer of your data at any time which you may exercise by contacting us at info@comatch.com if processing is performed on the basis on your consent.

In case of withdrawal, we will no longer process data saved on you (or the data subject) and will erase this data without undue delay. However, this does not apply if we can demonstrate reasons for the processing that override your interests, rights and freedoms or if processing is necessary for the establishment, exercise or defense of legal claims.

We will therefore continue to use this data, e.g., if it is needed for the performance of a contractual relationship.

Right to access

You have a legal right to information about the personal data saved on you at any time. To exercise this right to access, please contact us at info@comatch.com.

However, this right to access especially does not apply to data saved only because it may not be erased due to legal or statutory storage requirements or to data that is only used for data protection or data protection control purposes and where providing this information would require disproportionate effort or to processing for other purposes excluded by suitable technical and organizational measures.

Rectification and completion of data

You have the right to obtain rectification of inaccurate personal data saved on you. In consideration of the processing purposes, you also have the right to obtain completion of incomplete personal data—including through an additional statement. To exercise these rights, please contact us at info@comatch.com.

Erasure (“right to be forgotten”)

You have the right to erasure without undue delay of any personal data saved by us. To exercise this right, please contact us at iinfo@comatch.com.

Please also see the following sections “Restriction of processing” and “Storage duration of personal data; storage period limitation” below.

Restriction of processing

You or the data subject have the right to restriction of processing of the personal data saved by us. To exercise this right, please contact us at info@comatch.com.

However, you may only exercise your right to processing restriction if the following requirements are met:

  • The accuracy of the personal data is contested by the data subject for a duration that allows the controller to review the accuracy of the personal data;
  • Processing is unlawful and the data subject rejects the deletion of the personal data and instead demands its restriction;
  • The controller no longer needs the personal data for processing purposes, but for the establishment, exercise or defense of legal claims; or
  • The data subject objects to the processing before it has been determined whether the controller’s legitimate interests outweigh those of the data subject.

If you exercise this right to restriction of processing, we will notify you accordingly before lifting the restriction.

In certain cases, processing may be restricted instead of erasing the data. See especially “Erasure (‘Right to Be Forgotten’)” above

Right to data portability

You have the right to receive the data you provided to us in a structured, commonly used and machine-readable format. To exercise this right to information, please contact us at info@comatch.com.

Furthermore, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, if the processing is based on consent or on a contract to which the data subject is party and if the processing is performed through automated means. When exercising your right to data portability, you have the right to have personal data transmitted directly from one controller to another if technically feasible.

However, this right does not apply if the rights and freedoms of another person will be impaired or to processing required for the performance of a task in the public interest or in the exercise of official authority vested in the controller.

Right to object

You have the right to submit a complaint to a competent supervisory authority of your choice. In Germany, the competent supervisory authorities are the data protection authorities specified by the laws of the respective federal states.
For a list of data protection authorities, please see: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html (German) or http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Our competent supervisory authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit [Berlin Data Protection and Freedom of Information Officer]
Friedrichstraße 219 | 10969 Berlin | Germany
Tel.: +49-(0)30-138-89-0 | Email: mailbox@datenschutz-berlin.de

Storage duration of personal data; storage period limitation

We will generally only save your personal data for as long as required for the performance of the contract or respective purposes and limit the storage duration to the absolutely necessary minimum.

In case of longer contractual relationships, such as when using our offer, these storage periods may vary, but are generally limited to the duration of the contractual relationship or to the legally required storage periods (e.g., under the German Commercial Code [Handelsgesetzbuch (HGB)] or the German Fiscal Code [Abgabenordnung (AO)] for inventory data. Storage duration criteria include whether the data is up to date, whether there is a contractual relationship with us or if an inquiry was already processed or if a process has already been completed and whether legal storage periods apply to the respective personal data.

G. Data protection and applicability

Data protection

COMATCH is very concerned about the security of your personal data. We (and our external service providers) use a number of standard industry security technologies and procedures to protect your personal information from unauthorized access, use or disclosure. Principally when offering our services and especially if you enter sensitive information (e.g., account information) onto your profile, we (or our external service providers) will encrypt this information using the Secure Sockets Layer (SSL) technology.

Data of our COMATCH services will be exclusively saved and processed on servers in the European Union (EU), unless other information is provided to the user.

H. Privacy statement applicability and changes

Our Privacy Statement may be viewed on and printed from our website at any time at https://www.comatch.com/en/privacy/.

We may change this Privacy Statement under adherence to applicable regulations.