Privacy

1. name and contact of the responsible person according to article 4 para. 7 GDPR

Company:

La Cocina Ltd.
Ludwig-Erhard-Strasse 37
D-20459 Hamburg

Management: Cilia Kaeker

Phone: 040 63 65 08 11
Fax: 040 63 65 08 12
E-mail: hamburg@lacocina.de

2. general information on data processing

a. Scope & purpose of the processing of personal data

We process your personal data as a user of this website only to the extent necessary to provide a functional website and our content and services. Your personal data will only be processed after your consent has been obtained for the intended purpose, unless the data processing is also permitted by law without obtaining prior consent. The purposes of the processing result from the processing activities described in more detail below.
The transmission of your data is encrypted (SSL SHA 256).

b. Legal basis for the processing of personal data

Insofar as we obtain your consent for the processing of personal data, Art. 6 (1) a) of the General Data Protection Regulation (DSGVO) serves as the legal basis. If the processing of your data is necessary for the performance of a contract to which you are a party, Art. 6 (1) b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of your personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) c) DSGVO serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not override the former interest, Art. 6 (1) f) DSGVO serves as the legal basis for the processing.

c. Data deletion and storage period

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, data may be stored if this is required by law or other legal provisions that are binding for us. Data will also be blocked or deleted if a storage period prescribed by the aforementioned legal provisions expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

d. Types of data processed

Unless otherwise explained below, the following types of data are processed:

User data (e.g. name, address when contacting or booking/ordering)
Contact details (e.g. e-mail address, telephone number likewise when contacting or booking/ordering);
Content data (e.g. text input when contacting us)
Usage data (e.g. by calling up our websites, access data);
Communication and metadata (e.g. IP addresses, device information).

e. Purposes of the processing

The data processing is carried out for the provision of the online offer, its functions and contents, in particular also for course booking, for answering contact inquiries and communication with users, security measures as well as the optimization of our offer (marketing), unless other purposes are specified below.

f. Categories of data subjects

Data subjects” are the visitors/users of these web pages and customers of our offers on these pages.

g. Rules for the provision of data and consequences of non-provision

The provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner).

For the conclusion of a contract, such as the booking of one of our courses, it may be necessary for you to provide us with personal data that must subsequently be processed by us. For example, you are obliged to provide us with personal data if our company concludes a contract with it. Failure to provide the personal data would mean that the contract could not be concluded.

h. No automated decision making

Automated decision-making does not take place through us.

3. your rights

When processing your personal data, you have the following rights, which we are happy to inform you about. For this purpose, you can contact us as the responsible party, the contact details can be found above under point 1.

a. Right of access (Art. 15 GDPR)

Upon request, we will confirm whether personal data concerning you is being processed. If this is the case, you have the right to be informed about the following information

the purposes of the data processing the categories of data processed, and
If applicable, the recipients or categories of recipients to whom data are disclosed due to legal obligations or contractual relationships; in particular, in the case of recipients in third countries, the planned storage period, or if this is not possible, the criteria for determining the duration the existence of a right to rectification or erasure of the personal data concerning them, or to restriction of processing by us or a right to object to such processing
the existence of a right of appeal to the supervisory authority in the event that the personal data are not collected from the data subject: Any available information about the origin of the data the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the scope and the intended effects of such processing for the data subject in case of transfer to a third country or to an international organization, about the appropriate safeguards in connection with the transfer. Upon request, we will provide you with a copy of the data collected and processed about you. This is basically done free of charge.

b. Right of rectification (Art. 16 GDPR)

You have the right to request that inaccurate personal data concerning you be corrected without delay. You have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – also by means of a supplementary declaration.

c. Right to erasure (Art. 17 DSGVO) (so-called right to be forgotten)

Upon request or after fulfillment or termination of the contract with us, your personal data will be deleted immediately if this does not conflict with tax or commercial law retention or documentation obligations or if the safeguarding of the legitimate interests of the responsible party is at risk.

A claim for deletion exists under the following conditions:

The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
You revoke your consent on which the processing is based pursuant to Art. 6 para. 1 a) DSGVO or Art. 9 para. 2 a) GDPR and there is no other legal basis for the processing.
Pursuant to Art. 21 para. 1 DSGVO objects to the processing and there are no overriding legitimate grounds for the processing, or an objection has been raised pursuant to Article 21(1) DSGVO. 2 DSGVO objected to the processing.
the personal data have been processed unlawfully.
the erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject. The personal data was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR collected (consent was given by a child).

d. Right to restriction of processing (Art. 18 DSGVO) (blocking)

Under the following conditions, you have the right to request the restriction of processing, i.e. the blocking of your personal data for processing:

the accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data.
the processing is unlawful, you object to the erasure of the personal data and request instead the restriction of the use of the personal data. The controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims. The user has the right to object to the processing pursuant to. Art. 21 par. 1 DSGVO and it is not yet clear whether the legitimate reasons of the controller outweigh those of the user.

e. Right to data portability (Art. 20 GDPR) (Data portability)

Upon request, your data can be provided in a structured, common and machine-readable format for you and a service provider working in the connection to enable fast transmission. This applies in any case insofar as the processing is based on consent pursuant to Art. 6 para. 1 a DSGVO or Art. 9 para. 2 a) DSGVO or on a contract pursuant to Art. 6 para. 1 b DSGVO and the processing is carried out with the aid of automated procedures.

f. Right of objection (Art. 21 DSGVO)

You also have the right to object to the processing of your personal data. If the processing is carried out for the purpose of direct marketing (e.g. newsletter), this right exists at any time. Otherwise, the right may also exist for reasons arising from your particular situation to object at any time to the processing of personal data concerning you. This applies only to the extent that the processing is carried out on the basis of Art. 6 (1) (e) or (f) DSGVO (exercise of public interests or protection of legitimate interests by the controller). We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. To exercise this right of objection, you can also send us an informal message stating your e-mail address via the contact options mentioned in section 1, in which your objection is expressed.

g. Right of appeal to the supervisory authority (Art. 77 DSGVO)

If you are of the opinion that there has been a breach of data protection regulations, you have the right to lodge a complaint with the responsible supervisory authority. For example, for Hamburg this is the Hamburg Commissioner for Data Protection and Freedom of Information, Kurt-Schumacher-Allee 4, 20097 Hamburg, Tel.: 040 428 54 4040, E-Mail: mailbox@datenschutz.hamburg.de, Internet: https://www.datenschutz-hamburg.de

f. Revocation of your consents (Art. 7 para. 3 GDPR)

You can revoke your consent once given at any time by declaration to us. This has the consequence that we may no longer continue the data processing based on this consent in the future.

4. server and log files

In the case of merely informative use of the website, i.e. if you do not transmit any other information to us, we only collect the personal data that your browser transmits to our server, unless otherwise explained below. These are technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1, p. 1 f) DSGVO):

Date and time of retrieval,
Name of the accessed pages,
IP address of the requesting device (anonymized),
Referrer URL (origin URL from which visitors came to our web pages),
Browser type, language & version,
Operating system
For security reasons, the IP address is stored for a maximum of 14 days and then completely deleted.

Order processing: Agency and hosting

We use processors for certain services in connection with the operation of this website in accordance with Art. 28 DSGVO: An agency for the administration and technical optimization of the website and a so-called hoster. This hoster provides, among other things, IT infrastructure, computing services, database services, e-mail dispatch, security services, server storage space and technical maintenance services.

Here we process. or our order processors on our behalf inventory data, contact data, content data, contract data, usage data, meta data and communication data of our visitors to our website.

The processing by us and the aforementioned processors takes place here exclusively within the framework of an agreement pursuant to Art. 28 DSGVO, whereby the aforementioned data is processed on the basis of our legitimate interests in a professional and secure provision of our website pursuant to Art. 6 para. 1 f) DSGVO processed.

5. use of cookies

In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by the browser you are using and allow certain information to flow to us as the entity that set the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective.

This website uses temporary cookies, among other things, to optimize this website. Temporary cookies are automatically deleted after a certain period of time. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser. Furthermore, HTTP and pixel cookies are used. Some cookies are from us (so-called first-party cookies) and some are from third parties (third-party cookies).

They serve the optimization of this website as well as basic functions, such as the ordering process for course bookings (function cookies)

Insofar as these cookies and/or information contained therein are personal data, if your consent is given, the legal basis for the data processing is Art. 6 para. 1 a), otherwise Art. 6 para. 1 f) DSGVO, due to our legitimate interest in optimizing our website. For functional cookies, such as the cookie for the booking/ordering function, however, Art. 6 para. 1 b) DSGVO the legal basis.

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all the functions of this website. In addition, you can generally object to the use of cookies for online marketing, for example, on the http://www.youronlinechoices.com/ page. You can delete the cookies in the cookie/security settings of your browser at any time.

6. contact us

Contact us by email, mail & phone

You have the possibility to contact us in several ways. By e-mail, by phone or by mail. When you contact us, we use the personal data that you voluntarily provide in this context solely for the purpose of contacting you and processing your request. The legal basis for this data processing is Art. 6 (1) b) DSGVO. Your data will be deleted when it is no longer required for the purpose of processing and there is no legal obligation to store it. Please note that despite all security measures, there may be security gaps, especially when communicating via unencrypted e-mails, so that absolute protection cannot be guaranteed.

7. (Pre-)Contractual services

Processing in connection with course or event bookings and vouchers

We process your personal data here only to the extent necessary to process your orders for vouchers and bookings for courses and events on our site, or in the context of your contact, in particular for reservations.

We only ever process the personal data that you provide us with, such as your name, contact details, payment data and order data. The data processing is carried out for the purpose of fulfilling the contract as well as carrying out pre-contractual measures on the legal basis of Art. 6. para. 1 b) DSGVO. In order to process your e-mail address in the event of an order, we are also required by law in the German Civil Code (BGB) to send an electronic order confirmation (Art. 6 para. 1 letter c) DSGVO).

Your data will be deleted as soon as we no longer need it for the aforementioned purposes or after expiry of the retention obligations applicable to us under commercial and tax law. The legal basis in this respect is also Art. 6 (1) c) DSGVO and Art. 6 (1) c) DSGVO. 1 f) GDPR.

Data is only passed on to third parties if this is necessary for the contract. For example, in order to process a booking/order, we will pass on personal data to the payment service providers commissioned by us, insofar as this is necessary to process the payment(s) (you will receive further information on this below). We may pass on details of your delivery address to logistics companies and shipping partners commissioned by us. The respective data will be transmitted solely for the respective purposes and deleted after delivery. This is done by your selection of the respective service provider based on your consent in accordance with Art. 6 para. 1 a) DSGVO, otherwise in the context of contract performance in accordance with Art. 6 para. 1 b) DSGVO.

When using our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests and to protect against misuse and other unauthorized use. This data will not be passed on to third parties unless the prosecution of claims requires this in the sense of Art. 6 Para. 1 f) DSGVO or a legal obligation pursuant to. Art. 6 par. 1 c) GDPR exists.

The deletion of the data takes place when the storage of the data is no longer necessary for the fulfillment of contractual or legal obligations. Necessity is constantly reviewed. In all other respects, data will be retained insofar as and for as long as there are legal obligations to retain data.

9. website optimization, reach measurement and online marketing

Google Analytics (anonymized)

We use cookies on our website based on our legitimate interests (namely the interest in the analysis and improvement as well as the commercial design of our online offer) within the meaning of Art. 6 para. 1 f) DSGVO uses Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google”). Google uses cookies for this purpose. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there. Google is certified under the Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The information generated by the cookie about your use of this website are about

Browser type/version,
operating system used,
Referrer URL (the previously visited page),
Host name of the accessing computer and IP address,
Time of the server request

However, we use the addition “anonymizeIp” within the scope of Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our Internet pages takes place from a member state of the European Union or from another state party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

Google will use the aforementioned information on our behalf to evaluate the use of our online offer by users and to provide us with reports on the activities within this online offer, as well as to provide us with other services in this context, if necessary. For this purpose, pseudonymous usage profiles of the users can be created from the processed data.

Furthermore, the shortened IP address transmitted by the user’s browser is not merged with other data from Google.

The personal data of the users will be deleted after 14 months.

You can prevent the storage of cookies by selecting the appropriate settings on your browser software and prevent the collection of data generated by the cookie in relation to the online offer and its processing by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de .

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie is set that prevents future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

For more information about Google’s use of data, settings and opt-out options, please refer to Google’s privacy policy (https://policies.google.com/technologies/ads) as well as Google’s advertising display settings (https://adssettings.google.com/authenticated).

10. disclosure of data

Personal data is only passed on to tax offices and social security institutions if there is a legal obligation to do so; the legal basis is Art. 6, Para. 1 c) GDPR. The transfer to service providers only takes place on the basis of a proper contract processing agreement in accordance with Art. 28 DSGVO.

With the exception of the processing described above, we do not share your data with recipients located outside the European Union or the European Economic Area. However, some of the processing mentioned here results in data transfer to the servers of the providers of tracking or targeting technologies commissioned by us. These servers are located in the USA, insofar as the provider is based there. The data transfer takes place on the basis of so-called standard contractual clauses of the EU Commission and in accordance with the principles of the so-called Privacy Shield. You can also find more information here: https://www.privacyshield.gov/welcome

We will only disclose your personal data to third parties if you have given your express consent to do so (Article 6 (1) a) DSGVO), or if the disclosure is necessary to protect our legitimate interests in accordance with Article 6 (1) f) DSGVO and you have no overriding interest worthy of protection in not having your data disclosed, or if there is a legal obligation for the disclosure in accordance with Article 6 (1) c) DSGVO, or if it is necessary for the processing of contractual relationships with you in accordance with Article 6 (1) b) DSGVO.

PayPal

PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which are virtual accounts. A PayPal account is maintained via an email address. PayPal allows you to initiate online payments to third parties or receive payments as well. PayPal also assumes trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the user selects this as a payment option during the ordering process on our pages, data is automatically transmitted to PayPal. By selecting this payment option, the user consents to the transmission of personal data required for payment processing.

The personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, phone number, or other data necessary for payment processing. For the processing of the purchase contract are also such personal data necessary, which are in connection with the respective order

The purpose of the data transfer is payment processing and fraud prevention.

The transmission takes place on the basis of the fulfillment of the contract according to Art. 6 para. 1 b) DSGVO and, insofar as personal data are transmitted in addition, on the basis of our legitimate interests in secure payment processing and fraud prevention pursuant to Art. 6 para. 1 f) GDPR.

The personal data exchanged between PayPal and us may be transmitted by PayPal to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. The person responsible for this is PayPal.

PayPal may share personal data with affiliated companies and service providers or subcontractors to the extent necessary to fulfill its contractual obligations or to process the data on its behalf.

You have the option to revoke your consent to the handling of personal data at any time vis-à-vis us or PayPal, or to consent to processing that is based on the legitimate interests of the company pursuant to Art. 6 para. 1 f) DSGVO, to object to us or PayPal. Revocation/objection do not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

PayPal’s applicable privacy policy can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

BS PAYONE

PayOne is also a payment service provider through which payment can be made as part of orders in the online store. The provider is BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, Germany.

If the user selects this provider as a payment option during the ordering process in our online store, data is automatically transmitted to PayOne. By selecting this payment option, the user consents to the transmission of personal data required for payment processing.

In the process, data such as the name, address, IP address and, if applicable, purchase information are transmitted in order to be able to carry out the payment.

The purpose of the data transfer is payment processing and fraud prevention.

The transmission takes place on the basis of the fulfillment of the contract according to Art. 6 para. 1 b) DSGVO and, insofar as personal data are transmitted in addition, on the basis of our legitimate interests in secure payment processing and fraud prevention pursuant to Art. 6 para. 1 f) GDPR.

The personal data exchanged between BS PAYONE and us may be transmitted by BS PAYONE to credit reporting agencies. This transmission also has the purpose of checking identity and creditworthiness. The person responsible for this is BS PAYONE.

You have the option to revoke any consent to the handling of personal data at any time vis-à-vis us or PayOne, or to consent to processing that is based on the legitimate interests of the company pursuant to Art. 6 para. 1 f) DSGVO is based. Revocation/objection do not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

BS PayOne is a provider certified in data protection for its quality, you can get more information about data protection here:

www.bspayone.com resp. here

https://www.payone.com/datenschutz/

11. social media, third party content & tools

Facebook and Instagram

On our website, you will only find our own buttons/links to our presences on Facebook and Instagram. These are not plugins from these providers.

Provider is

for Instagram: Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA

for Facebook: Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA

If you access these pages on the social networks, the named provider is the controller for the processing of your personal data.

We do not share any personal information from this website.

For more information on data protection during use, click here:

Instagram: https://help.instagram.com/155833707900388

Facebook: https://de-de.facebook.com/policy.php

Integration of third-party services and content

Within the framework of our website, we use data on the basis of consent pursuant to Art. 6 para. 1 a) DSGVO, or if consent is not given in an individual case and is not legally required, on the basis of our legitimate interests (i.e. interest in evaluating the use of our website and improving the operation of our website within the meaning of Art. 6 (1) f) DSGVO) offers from third-party providers to integrate their content and services, such as maps (hereinafter uniformly referred to as “content”).

This may require the respective third-party providers to obtain your IP address, as without the IP address you would not be able to send the content to your browser. The IP address is thus required for the delivery and display of this content.

The third-party providers may also use so-called “pixel tags” (invisible graphic files, also called “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyze the usage behavior on this website. The pseudonymous information may be stored in cookies on your device and may contain, for example, technical information about visiting times, the browser and operating system, previously visited website and other information about the use of our website. There is no linkage with similar information from other sources.

If you do not want pixel tags to record your usage behavior, you can prevent the setting of the cookies required for this at any time by setting your browser accordingly (see help in your browser, if applicable) and, if necessary, send us a message (see section 1) objecting to the data collection.

Google Maps

We integrate maps of the service Google Maps of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually executed within the settings of their mobile devices). The data can be processed in the USA, and compliance with data protection is ensured by Google’s Privacy Shield certification, which has already been described.

This is done to optimize our site as well as our offer to make it easier for you to find us. The legal basis for customers is the contractual performance, Art. 6 para. 1 b) DSGVO, for users of this site who are not customers, in any case our legitimate interest in optimizing the site and the offer, Art. 6 para. 1 f) GDPR.

The privacy policy of this provider can be found at: https://www.google.com/policies/privacy/

You can set an opt-out (objection) under this link: https://adssettings.google.com/authenticated

12. applicant data

We process the personal data of applicants for the purpose of handling the application process. The processing may also be carried out electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded, the application documents will be automatically deleted no later than six months after notification of the rejection decision, provided that no other legitimate interests of the responsible party prevent deletion.

13. changes

We reserve the right to adapt security and data protection measures as far as this becomes necessary due to technical or legal developments. In these cases, we will also adapt these notes on data protection accordingly. Therefore, please note the current version of our privacy policy.

14. definitions

For a better understanding, we would like to provide you with the definitions of the GDPR here below, as far as they are relevant for our privacy notices.

Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data are, simplified, individual details about personal or factual circumstances of an identified or identifiable natural person, i.e. not legal entities, such as a GmbH. Personal data primarily includes information such as name, address, e-mail address, but also the IP address.

Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing (in the sense of blocking).

Profiling

Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Responsible

Controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

Processor

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.

Receiver

Recipient means a natural or legal person, public authority, agency or other body to whom Personal Data is disclosed, whether or not a third party. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

Third

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

Consent

Consent shall mean any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

Supervisory authority

“Supervisory Authority” means an independent governmental body established by a Member State pursuant to Article 51 of the GDPR.

Status: 14.02.2023