We are pioneers in the field of fraud prevention. Of course, that means we also know our limits. People are never perfect. That makes us unique, lovable and – vulnerable.

As a responsible and reliable company, we want to behave in accordance with the rules at all times. If we disregard statutory regulations or internal company rules, we not only put our good reputation at risk, but also risk financial damage.

This applies not only to us, but to the entire Otto Group.

That is why everyone associated with the Otto Group – whether employees, business partners, suppliers or customers – has a responsibility to report possible compliance violations. Only with everyone’s help can we identify and counteract violations at an early stage.

Whistleblower system 

Our digital whistleblower portal is a protected and secure reporting channel for all employees and for external stakeholders. The platform can be used anonymously, guaranteeing maximum protection for whistleblowers and sensitive data. Every piece of information fed into the system is checked at several stages by proven experts – so no tip-off leads to a hasty reaction or prejudgement.

Within the whistleblower system, you can decide whether your report should go to RISK IDENT’s compliance staff or be checked directly by our parent company.

You can reach our whistleblower system here:
https://www.bkms-system.com/ottogroup-speakup

Ombudsman

Alternatively, you have the option of contacting the Otto Group Ombudsman in confidence: Attorney at Law Dr. Rainer Buchert. As a lawyer, he is subject to the legally recognized duty of confidentiality and is not allowed to pass on any information to third parties without consent.

Attorney at Law Dr. Rainer Buchert

Tel: +49 69 71033330 or +49 6105-921355

dr-buchert@dr-buchert.de

Responsible for Content:
Risk.Ident GmbH
Am Sandtorkai 50
20457 Hamburg, Germany
Phone: +49 40 60945 2590
Email: contact@riskident.com
VAT Identification No.: DE287875226
Commercial Register No.: Amtsgericht Hamburg HRB 124968
Represented by the Managing Directors:
Frank Heisel, Felix Steinmann

Privacy information of Risk.Ident GmbH, Am Sandtorkai 50

20457 Hamburg, Germany for the website www.riskident.com

In the following privacy information, we inform you about the processing of personal data by Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg (“RiskIdent” and/or “we” and/or “controller”) in accordance with the DSGVO and the Federal Data Protection Act (BDSG 2018).

Please read our privacy information carefully. If you have any questions or comments about our privacy information, please feel free to contact us at datenschutz@riskident.com.

Table of Contents

1. Name and contact details of the controller responsible for processing

2. Contact details of the data protection officer

3. Online presence and website optimization (using cookies) including consent

3.1. Cookies – General information and consent requirements

3.2. Intervention options / browser settings

3.3 Consent management of the provider Borlabs

3.4. Consents for the use of individual online services / the collection of tracking data

3.4.1 Essential: Technically necessary cookies (No consent required)

3.4.2. Statistics: Consent for statistics cookies

3.4.2.1 Consent for Google Analytics

3.4.2.2 Consent for Nutshell CRM / Nutshell Analytics

3.4.2.3 Consent for Mouseflow

3.4.3 Marketing: Consents for marketing cookies

3.4.3.1 Consent for LinkedIn Insights Tag / LinkedInAds

3.4.3.2 Consent for Microsoft Bing

3.4.3.3 Consent for Meta

3.4.3.2 Consent for SID Marketing

3.4.4 External media: Consents for external media cookies

3.4.4.1 Consent for YouTube

3.4.4.2 Consent for Google reCAPTCHA

4. Contacting

5. Data processors

6. Recipients outside the EU

7. Duration of data storage

8. Your rights

8.1. Your rights in detail

1. Name and contact details of the controller responsible for processing

This privacy information applies to data processing by:

Risk.Ident GmbH
Am Sandtorkai 50
20457 Hamburg
Germany
represented by the managing directors:
Felix Steinmann
Frank Heisel

for the following websites: www.riskident.com and www.onlinefraudforum.com.

2. Contact details of the data protection officer

You can reach the company’s data protection officer at:
Mr. Dr. Nils Christian Haag
E-mail: datenschutz@riskident.com

3. Online presence and website optimization (using cookies) including consents

We collect data on user behavior on this website (tracking data). This includes, among other things, which individual subpages (article detail pages) were accessed. For this purpose, cookies can be set in the browser used by the respective user, among other things. The collection of tracking data is generally only permitted if you have consented to it beforehand (§ 25 para. 1 sentence 1 TDDDG). You can give such consent by clicking the “AGREE” button in the “Cookie Banner” displayed on this website. However, consent is not required for the processing of such tracking data necessary for the provision of the website (§ 25 para. 2 no. 2 TDDDG). This includes, for example, setting cookies for the purpose of displaying the shopping cart. The information about your usage behavior can be used by us, among other things, to display interesting offers to you on our website or to advertise to you with personalized content (e.g., retargeting) on other websites. Insofar as personal data about your usage behavior on this website can also be used by other providers, e.g., for the purpose of “enriching their own information”, such use will also only take place in these cases if you have previously consented to it. In these cases, the further processing of the data collected on this website is regularly carried out in the sole responsibility of the providers. In the course of this further processing, the providers may transfer the data to the USA. The European Court of Justice has determined that the USA is a country with an insufficient level of data protection. In this context, there is a particular risk that your data will be processed by American institutions/authorities for control and monitoring purposes without you being given adequate legal recourse against this. Tracking data collected and stored by us is processed exclusively in a pseudonymized form. This prevents the data from being assigned to your person. If you wish to delete individual cookies set in your browser or find out which service providers/providers have set cookies in your browser, you can do this via a “preference manager.” One such is available, for example, at www.youronlinechoices.com. In addition, you have the option to set your browser so that it prevents the setting of cookies or only allows the setting of certain types of cookies. Details on the possibility of changing the settings of common browser types (including Google Chrome, Firefox) can be found under item 3.2. of these privacy notices.

3.1. Cookies – General information and obligation to obtain consent

This website uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.). The cookie stores information related to the specific device used. However, this does not mean that we receive direct knowledge of your identity. Some of the cookies we use are deleted after the end of the browser session (so-called session or session cookies). These cookies allow us, for example, to offer you a cross-page shopping cart display where you can see how many items are currently in your shopping cart and the current purchase value. Other cookies remain on your computer and enable us to recognize your computer on your next visit (so-called permanent or cross-session cookies). These cookies, in particular, serve to make our offer more attractive to you. Thanks to these files, it is possible, for example, to display information on this website that is specifically tailored to your interests.

According to legal requirements, storing information on end devices (desktops, mobile phones, tablets, etc.) – e.g., by setting cookies – and retrieving information from end devices (tracking) is generally only permitted if you have given your prior consent. The legal basis for this is Section 25 (1) sentence 1 of the TDDDG. However, consent does not have to be given if such storage/retrieval is necessary for the provision of the website/app. The legal basis for this is Section 25 (2) No. 2 TDDDG. A necessity exists, for example, with regard to ensuring the following functionalities/achieving the following purposes:

– Ensuring system security

– Enabling billing of partners.

With regard to the data processing necessary for the operation of the website, you do not have the right to object.

You can use this website without data being retrieved from or stored on your end device for purposes that are not necessary for the offer of this website. For this reason, only “basic tracking” is activated when using this website – if you do not give any further consent.

3.2. Intervention options/browser settings

Of course, you can set up your browser so that it does not store our cookies on your end device. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to have your browser notify you when you receive a new cookie, or how to delete all cookies you have already received and block all others.

To do this, please proceed as follows:

In Internet Explorer:
1. Select “Internet Options” from the “Tools” menu.
2. Click on the “Privacy” tab.
3. Here you can make the security settings for the Internet zone. Here you can set whether and which cookies should be accepted or rejected.
4. Confirm your setting with “OK”.

In Firefox:
1. Select the “Settings” item from the “Tools” menu.
2. Click on “Privacy”.
3. Select “Create custom settings” from the drop-down menu.
4. Now you can set whether cookies should be accepted, how long you want to keep these cookies, and add exceptions for which websites you always or never want to allow cookies.
5. Confirm your setting with “OK”.

In Google Chrome:
1. Click on the Chrome menu in the browser’s toolbar.
2. Now select “Settings”.
3. Click on “Show advanced settings”.
4. Click on “Content settings” under “Privacy”.
5. Under “Cookies” you can make the following settings for cookies:
• Delete cookies
• Block cookies by default
• Delete cookies and website data by default when closing the browser
• Allow exceptions for cookies from specific websites or domains

If you want to delete individual cookies set in your browser or find out which service providers/providers have set cookies in your browser, you can do this via a “preference manager”. One such manager is available at www.youronlinechoices.com.

3.3 Consent management of Borlabs provider

For managing your settings and documenting user consents for our services, we use the consent tool Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (“Borlabs”). Borlabs is used, among other things, to store cookie settings for the entire website. Borlabs stores information about the categories of cookies used by the website and whether users have given or revoked their consent for the use of individual categories. This allows us to prevent cookies in each category from being set in the user’s browser if no consent is given for individual categories. Borlabs uses cookies for information storage, which have a normal lifespan of one year, so that the settings of returning visitors are saved. The legal basis for this is Article 6 (1) c GDPR.

3.4 Consent for the use of individual online services / the collection of tracking data

3.4.1 Essential: Technically necessary cookies (No consent required)

3.4.2 Statistics: Consent for statistic cookies

3.4.2.1 Consent for Google Analytics

For the purpose of demand-oriented design and continuous optimization of this website, we use Google Analytics based on consent. Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses, among other things, so-called “cookies” (text files) and similar technologies that are stored on your device and enable an analysis of your use of the website. This information is used to evaluate your use of the website and to compile reports on website activities. It is possible that Google will use the data collected about your usage behavior for its purposes or for the purposes of other Google customers. The processing of the data after their transmission by RiskIdent to Google Ireland Limited is carried out by Google as the sole data protection controller. In this context, Google Ireland Limited, as the sole data protection controller, may store data about you in the USA. The European Court of Justice has found that the USA is a country with an insufficient level of data protection. In this context, there is a particular risk that your data will be processed by American institutions/authorities for control and surveillance purposes without you having sufficient legal recourse against this. The legal basis for this data processing is Article 6 (1) a) GDPR.

You can revoke your consent to data processing by Google Analytics at any time in our consent management by deselecting the “Statistics” category or refusing to grant consent for the use of Google Analytics.

3.4.2.2 Consent for Nutshell CRM / Nutshell Analytics

Our company uses Nutshell (hereafter “Nutshell CRM”), provided by Nutshell, Inc. (206 E. Huron Street, Ann Arbor, Michigan 48104, USA), for customer relationship management and business process analysis. This also includes the use of the integrated Nutshell Analytics functionalities on our website.

Nutshell CRM and Nutshell Analytics allow us to centrally manage and analyze customer data and optimize business processes. Personal data such as name, address, email address, phone number, and other business-relevant information may be processed. The processing is based on Article 6(1)(f) of the GDPR, as we have a legitimate interest in efficient customer management and communication. If consent was requested (e.g., via contact forms), processing is based solely on Article 6(1)(a) of the GDPR and § 25(1) TDDDG, insofar as consent involves the storage of cookies or access to information on the user’s device within the meaning of the TDDDG. Consent can be revoked at any time.

The categories of data stored in Nutshell CRM and Nutshell Analytics include:

• Contact details (e.g., name, address, email, phone)
• Business-relevant information (e.g., contract data, communication history, purchasing behavior)
• Analytical data for business process optimization
• Visitor data from our website (e.g., source of visit, interactions on the website)

Data processing is conducted for the purposes of managing and maintaining customer relationships, performing analyses to optimize business processes, and improving our services. In particular, Nutshell Analytics enables us to analyze visitor interactions on our website. This includes tracking how users arrive at our site (e.g., via search engines, social media, or direct URL entry) and associating this information with visitors who have filled out a form on our website.

Data is shared with third parties only if necessary to fulfill our contractual obligations or if you have given your consent. Nutshell, Inc. may access data as part of system maintenance and support. Data transmission to Nutshell, Inc. is based on a data processing agreement under Article 28 of the GDPR and the EU Commission’s standard contractual clauses. We have implemented technical and organizational measures to ensure the security of your data and to protect it from unauthorized access, loss, or destruction. Nutshell, Inc. is also committed to adhering to corresponding security standards.

Data stored in Nutshell CRM and Nutshell Analytics is retained only for as long as necessary to fulfill the purposes mentioned above or as required by legal retention periods. You have the right to request access to your stored personal data at any time, to request corrections, deletions, or restrictions on processing, and to request data portability. You also have the right to revoke any consent given at any time. For this purpose, you may contact us using the contact details provided in our imprint. For more details, please refer to Nutshell’s privacy policy: https://support.nutshell.com/en/articles/8428993-privacy-policy You can revoke your consent for the use of Nutshell Analytics at any time via our consent management system by withdrawing your consent for the use of Nutshell Analytics.

3.4.2.3 Consent for Mouseflow

This website uses Mouseflow, a web analytics tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to randomly record individual visits (only with anonymized IP address). This creates a log of mouse movements, mouse clicks, and keyboard interactions, with the intention of replaying individual visits to this website as so-called session replays, and evaluating them in the form of so-called heatmaps to derive potential improvements for this website. The storage and processing of the collected data take place within the EU.

The legal basis for this processing is Article 6(1)(a) GDPR.

You can withdraw your consent for the use of Mouseflow at any time in our consent management by deselecting the “Statistics” category or by declining consent for the use of Mouseflow.

3.4.3 Marketing: Consent for Marketing Cookies

3.4.3.1 Consent for LinkedIn Insights Tag / LinkedInAds

This website uses the “LinkedIn Insights Tag”, an analytics tool of the social network LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). The LinkedIn Insights Tag allows the collection of data about visits to our website, including URL, Referrer URL, IP address, device and browser properties, timestamps, and page views. This data is encrypted, pseudonymized within seven days, and the pseudonymized data is deleted within 90 days. The use of the LinkedIn Insights Tag is for the purpose of tracking the success of campaigns, displaying targeted advertising outside our website (retargeting), and gathering additional information about LinkedIn members who view our advertisements. You can find more information in LinkedIn’s privacy policy here.

The legal basis for processing personal data is Article 6(1)(a) GDPR.

You can withdraw your consent for the use of the LinkedIn Insight Tag at any time in our consent management by deselecting the “Marketing Cookies” category or by declining consent for the use of the LinkedIn Insight Tag.

3.4.3.2 Consent for Microsoft Ads

Our website uses the Microsoft Ads service (formerly “Bing”). The use of the service allows us to evaluate the success of advertising campaigns, and it is provided by Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521) (“Microsoft”). Upon visiting our website and granting consent, a cookie enables the collection of actions performed on the website and sends this information back to Microsoft. Microsoft stores a cookie in your browser for this purpose. This cookie records your visits and can then be used for campaign optimization. The cookie serves to uniquely identify your web browser and not your person. The legal basis for this data processing is Article 6(1)(a) GDPR (consent). More information on Microsoft’s privacy policy can be found here. You can also assert your rights as a data subject with Microsoft (e.g., right to erasure). Microsoft processes the data collected about you on this website as the sole data controller. In this context, there is a possibility that your data will be transferred to the United States by Microsoft. The European Court of Justice has determined that the United States is a country with an insufficient level of data protection. In this context, there is a particular risk that your data may be processed by American institutions/agencies for control and monitoring purposes without adequate legal remedies available to you. The legal basis for the data processing described above is consent under Article 6(1)(a) GDPR.

You can withdraw your consent to the described data processing by Microsoft (Bing) at any time in our consent management by deselecting the “Statistics” category or by declining consent for the use of Microsoft Retargeting.

3.4.3.3 Consent for Meta

Our website uses the advertising services of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin, Ireland (“Meta”). By using cookies, device identifiers, or similar technologies, information about the usage of this website (e.g., viewed items) is collected jointly by RISK IDENT and Meta Platforms Ireland Limited and transmitted to Meta Platforms Ireland Limited under shared responsibility.

This website integrates a pixel from Meta Platforms Ireland Limited (Website Custom Audience Pixel), which enables Meta to receive tracking data. We share tracking data with Meta (e.g., IP address and user-agent). Meta uses this data exclusively to identify website visitors for the purpose of displaying personalized advertisements. This information can be linked to you using additional information Meta may have stored about you, for instance, due to your ownership of an account on the social networks “Facebook” and “Instagram.” Based on the information collected on this website, interest-based advertisements related to our offerings may be displayed in your Facebook or Instagram account (retargeting).

Additionally, Meta may aggregate the collected information, and such aggregated information can be used by Meta for its own advertising purposes or for the advertising purposes of third parties. For example, Meta may infer specific interests from your browsing behavior on this website and use that information to promote third-party offerings. Meta may also combine the information collected through the pixel with other information Meta has collected about you from other websites and/or through the use of the social networks “Facebook” and “Instagram,” resulting in a profile about you stored by Meta Platforms Ireland Limited. This profile may be used for advertising purposes.

Meta Platforms Ireland Limited is solely responsible for the permanent storage and further processing of the tracking data collected via the Website Custom Audience Pixel implemented on this website. In this context, Meta Platforms Ireland Limited, as the sole data controller under data protection law, may store data about you in the United States.

The European Court of Justice has determined that the U.S. does not offer an adequate level of data protection. In this context, there is a particular risk that your data may be processed by U.S. institutions or authorities for control and monitoring purposes without providing you with adequate legal remedies.

The legal basis for this data processing is Article 6(1)(a) of the GDPR (consent). The use of tracking cookies and similar technologies complies with § 25 TDDDG, which means that consent is required before such technologies are used. You may withdraw your consent through our consent management system  by deselecting the “Marketing Cookies” category or refuse to give consent altogether.

Further information about data protection at Meta can be found .
This resource also provides options to exercise your data subject rights (e.g., the right to deletion) with Meta Platforms Ireland Limited. Detailed explanations of intervention options regarding tracking can be found in section 3.2 of this privacy policy.

3.4.3.4 Consent for SID Marketing

This website uses the SID Pixel for targeted advertising provided by SID Marketing, Västra Hamngatan 11, 411 17, Gothenburg, Sweden. SID Marketing is a B2B marketing service that helps our company reach our target audience through advertising campaigns on social media channels such as LinkedIn and Meta (Instagram and Facebook). Additionally, based on interactions with our website, SID Marketing enables retargeting campaigns to deliver ads to our target audience and website visitors outside of our website.

The SID Pixel collects user interactions with our website as well as device information (e.g., IP address and device-specific data). Using cookie and pixel data, users can be re-targeted across various platforms. Further information can be found in SID Marketing’s Privacy Notice.

The legal basis for the processing of personal data is Article 6(1)(a) of the GDPR (consent). The use of the SID Pixel also complies with § 25 TDDDG. This means that consent is required before tracking cookies or similar technologies are used. You can withdraw your consent through our consent management system by deselecting the “Marketing Cookies” category or refuse to give consent for the use of the SID Pixel altogether.

3.4.4 External media: Consent for external media cookies

3.4.4.1 Consent for YouTube

This website includes videos that are stored on http://www.YouTube.com and can be played directly on our website. All videos are embedded in “enhanced privacy mode,” meaning that no data about you as a user is transferred to YouTube unless you play the videos.

According to YouTube, the enhanced privacy mode ensures that no information about visitors to this website is stored before they watch the video. However, the enhanced privacy mode does not necessarily prevent data from being shared with YouTube partners. YouTube may connect to the Google DoubleClick network regardless of whether you watch a video or not.

As soon as you play a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, YouTube can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your device or use comparable recognition technologies (e.g., device fingerprinting). This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness, and prevent fraud attempts.

Additional data processing operations may be triggered after you start a YouTube video, over which we have no control.

The use of YouTube is in the interest of providing an appealing presentation of our online offerings. This constitutes a legitimate interest pursuant to Art. 6(1)(f) of the GDPR. If corresponding consent has been requested, processing will be based exclusively on Art. 6(1)(a) of the GDPR and § 25(1) of the TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time.

Provider of the YouTube platform:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For more information about privacy at Google/YouTube, please visit: https://www.google.com/policies/privacy/. A general opt-out for ads is available here: https://adssettings.google.com/authenticated.

Further information about YouTube’s privacy practices can be found in their privacy policy at:

https://policies.google.com/privacy?hl=en

You can revoke your consent for the use of YouTube at any time here in our consent management by deselecting the “External Media” category or by declining to grant consent for the use of YouTube.

3.4.4.2 Consent for Google reCAPTCHA

To protect our online forms, this website integrates “Google reCAPTCHA,” a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). reCAPTCHA helps determine whether form entries are made by a natural person or abusively by automated machines (bots). To do this, reCAPTCHA analyzes various data points (e.g., IP address, mouse movements, time spent on the page).

These data are transmitted to Google. Processing is based on our legitimate interest (Art. 6 (1) lit. f GDPR) in protecting our website from abuse and spam. If explicit consent has been requested, processing will take place exclusively based on Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. The use of reCAPTCHA may result in the transfer of personal data to the United States. For more information, please refer to Google’s Privacy Policy and Terms of Service.

You can withdraw your consent for the use of Google reCAPTCHA at any time in our Consent Management by deselecting the “External Media” category or refuse to give consent to the use of Google reCAPTCHA.

4. Contacting Us

You have the opportunity to contact us in several ways. By email, by phone, via contact form, or by mail. When you contact us, we use the personal data that you voluntarily provide to us solely for the purpose of contacting you and processing your request.

The legal basis for this data processing is Article 6 paragraph 1 letter a), Article 6 paragraph 1 letter b), Article 6 paragraph 1 letter c) DSGVO, and Article 6 paragraph 1 letter f) DSGVO.

5. Data Processor

Risk.Ident uses data processors within the scope of processing your data. A data processor is a natural or legal person, authority, institution, or other entity that processes personal data on behalf of the data controller. Data processors do not use the data for their own purposes, but rather carry out the data processing exclusively for the data controller.

6. Recipients outside the EU

With the exception of the processing where we inform about the possibility of transferring data to recipients located outside the EU in these privacy notices, we do not transfer your data to recipients located outside the European Union or the European Economic Area. Data transfers are based on so-called standard contractual clauses of the EU Commission.

7. Duration of Data Storage

The duration of the storage of the data collected about you depends on the purpose for which we process the data. Storage takes place as long as it is necessary to achieve the pursued purpose. If we are required by law (e.g., tax obligations) to store certain data categories for a certain period of time, the continued storage of the data after it is no longer necessary for achieving the respective purpose is carried out exclusively for the purpose of fulfilling the legal obligation. In these cases, the data is blocked for access.

Examples of storage durations:

• Use of data for marketing purposes (without tracking): 3 years.

• Consents: Permanent storage as long as consents are used continuously (e.g., permanent sending of email newsletters).

• Tracking data: 2 years.

• Data for the purpose of implementing (advertising) objections: Unlimited storage.

8. Your Rights

In connection with the processing of personal data by us, you have data subject rights. For example, you have the right to request information about the data stored about you by us. You can also revoke consents given to us and object to individual data processing. You also have the right to have incorrect data corrected and to request that we provide you with specific data in a common electronic format. Furthermore, you have the right to delete the data stored by us about you. Please note in this regard that we may be legally obliged to continue storing the data despite your request for deletion. In addition, we may have an interest in continuing to store your data that outweighs your interest in its deletion (e.g., if we still have outstanding claims against you).

8.1. Your Rights in Detail

In addition to the right to revoke your consent given to us, you have the following additional rights, provided the respective legal requirements are met:

• the right to access your personal data stored by us (Article 15 DSGVO), in particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the origin of your data, if it was not collected directly from you;
• the right to rectification of incorrect or completion of correct data (Article 16 DSGVO);
• the right to deletion of your data stored by us (Article 17 DSGVO), insofar as no legal or contractual retention periods or other legal obligations or rights for further storage by us must be observed (e.g., if we still have outstanding claims against you);
• the right to restriction of processing your data (Article 18 DSGVO), insofar as the accuracy of the data is contested by you, the processing is unlawful, but you refuse its deletion; the controller no longer needs the data, but you require it for the assertion, exercise, or defense of legal claims, or you have objected to the processing according to Article 21 DSGVO;
• the right to data portability (Article 20 DSGVO), i.e., the right to receive selected data stored by us about you in a common, machine-readable format, or to request transmission to another controller;
• the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

You can exercise the aforementioned rights by contacting us at datenschutz@riskident.com. You can also assert your right to data portability by contacting datenschutz@riskident.com.

You can also request information about your personal data stored by us by sending an email to datenschutz@riskident.com

Last updated: August 2024