Privacy policy

Data protection declaration according to Art. 13 and 21 DSGVO
for the content and functions of the website campermiete-tostedt.de (hereinafter "Services")

Status: April 2022


1. General

The protection of your personal data is important to us, the operators of the campermiete-tostedt.de website, including Kristiane Koch, Baurat-Wiese-Str. 173, 21255 Königsmoor, extremely important. That is why we would like to offer you comprehensive transparency regarding the processing of your personal data. Because only if the processing is comprehensible for you as the person concerned, you are sufficiently informed about the scope, the purposes and the benefits of the processing. This data protection declaration applies to all processing of personal data carried out by us. So both in the context of the provision of our services in our services and within external online presences, such as our social media fan pages.

The person responsible within the meaning of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other data protection regulations is

CampermieteTostedt Kristiane Koch
Baurat-Wiese-Str. 173
21255 Koenigsmoor
info@campermiete-tostedt.de

Hereinafter referred to as "person responsible" or "we".

2. General information on data processing

2.1 Personal Data
Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person.
Individual details about personal or factual circumstances are, for example:

- Name, age, marital status, date of birth
- Address, telephone number, e-mail address
- Account, credit card number
- IP address & location data
- Vehicle registration number, license plate number
- ID card number, social security number
- criminal record
- genetic data and medical data
- Value judgments such as certificates

2.2 How we process personal data
We process personal data within the legally permissible limits. This means that data processing operations are based on a legal basis. These are standardized in Art. 6 Para. 1 GDPR. Most data processing is based on a legitimate interest on our part (Art. 6 Para. 1 lit. f GDPR), on processing operations necessary for the execution of the contract (Art. 6 Para. 1 lit. b GDPR) or on the basis of your consent (Art. 6 Paragraph 1 lit. a GDPR). In the latter case, you will be informed separately (e.g. via a cookie banner) of the consent process.
Personal data is only processed by us for clear purposes (Art. 5 Para. 1 lit. b GDPR). As soon as the purpose of the processing no longer applies, your personal data will be deleted or protected by technical and organizational measures (e.g. by pseudonymization).
The same applies to the expiry of a prescribed storage period, subject to cases in which further storage is necessary for the conclusion or fulfillment of a contract. In addition, there may be a legal obligation to store data for a longer period of time or to pass it on to third parties (in particular to law enforcement authorities). In other cases, the storage duration and type of data collected as well as the type of data processing depend on which functions you use in each individual case. We would also be happy to provide you with information on this in individual cases, in accordance with Art. 15 GDPR.
2.3 We process these categories of data
Data categories are in particular the following data:
- Master data (e.g. names, addresses, dates of birth),
- Contact data (e.g. e-mail addresses, telephone numbers, messenger services),
- Content data (e.g. text input, photographs, videos, content of documents/files),
- Contract data (e.g. subject of the contract, terms, customer category),
- Payment data (e.g. bank details, payment history, use of other payment service providers),
- Usage data (e.g. history in our services, use of certain content, access times),
- Connection data (e.g. device information, IP addresses, URL referrers).

2.4 We take these security measures
In accordance with the legal requirements and taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to your rights and freedoms, we take appropriate technical and organizational measures, to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring that your data is stored and processed confidentially, with integrity and is available at all times. The security measures we implement also include controls over access to your data, as well as access, input, disclosure, ensuring availability and segregation of data from other individuals. Furthermore, we have set up procedures that ensure the exercise of data subject rights (see Section 5), the deletion of data and reactions in the event of a threat to your data. Furthermore, we already take the protection of personal data into account when developing our software and using procedures that correspond to the principle of data protection through technology design and data protection-friendly default settings.
2.5 How we transfer or disclose personal data to third parties
As part of our processing of your personal data, it may happen that this data is transmitted or disclosed to other bodies, companies, legally independent organizational units or persons. These third parties can include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that we have integrated into our website. If we transmit or disclose your personal data to third parties, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

2.6 This is how a third country transfer takes place
In some cases, we transfer your personal data to a third country, i.e. a country outside the EU or outside the EEA. If we process your data in a third country or if the processing takes place in a third country as part of the use of third-party services, this will only take place in accordance with the legal requirements.
Furthermore, a transfer to a third country usually only takes place with your express consent. Should this not be available, we assure that we have a contractual or legal authorization to transmit and process your data in the third country concerned. In addition, we only have your data processed by service providers in third countries that have a recognized level of data protection. This means that there must be contractual obligations between us and the service provider in the third country through so-called standard protection clauses of the EU Commission or the service provider in the third country can show data protection certifications and your data is only processed in accordance with internal data protection regulations (Art. 44 to 49 DSGVO , Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

2.7 Information on the cookies used
Cookies are small text files containing data from websites or domains visited and stored on your device (computer, tablet or smartphone). When you access a website, the cookie stored on your device sends information to whoever placed the cookie.
2.7.1 First Party Cookies and Third Party Cookies
Our Services may set third party cookies and allow third parties to place cookies on your device. The difference between a first-party cookie and a third-party cookie is control over the placement of the cookie. First party cookies are cookies specific to the service that created them. Their use enables us to offer an efficient service and to evaluate your user behavior in our services. Third-party cookies are placed on your device by a third party (i.e. not by us). Although we may allow third parties to access our Services in order to place these cookies on your devices, we do not control the information provided by the cookies or have access to this data. This information is fully controlled by the third parties in accordance with their respective privacy policies.
Objectively distinguish between

- Functional Cookies: These cookies are necessary for the basic functions of the Services. These cookies enable, for example, a secure login and the storage of the progress of ordering processes. They also enable us, for example, to save your login data, the contents of your shopping cart and the uniform display of page contents.
- Statistics Cookies: These cookies allow us to analyze the Services so that we can measure and improve their performance. You can change your personal settings for static cookies by clicking on the relevant opt-out link.
- Marketing Cookies: These cookies are used by to serve you advertisements that may be relevant to your interests. These cookies enable, for example, the sharing of pages via social networks and the writing of comments. Likewise, offers that could match your interests are displayed. You can change your personal settings for marketing cookies by clicking on the relevant opt-out link.
2.7.2 How we use cookies
We want you to be able to make an informed choice for or against the use of cookies that are not strictly necessary for the technical characteristics of the Services. Therefore, we enable you to choose which cookies you allow in the context of a cookie banner when you visit our services for the first time and then permanently in the appropriate settings. Functional cookies are mandatory for visiting our services and are therefore already permitted via our default settings. You can allow statistics and marketing cookies by consenting to this in the cookie banner. Alternatively, you can reject statistics and marketing cookies. Please note that you may still be able to see ads even if you opt out of the use of cookies for advertising purposes. However, this advertising is then less tailored to your interests. However, you can still use the full functionality of the Services. How exactly we and which cookies we use can be found in our cookie policy under Cookie Policy.

2.7.3 Duration of Storage of Cookies
If we do not provide you with any explicit information on the storage period of cookies (e.g. as part of the cookie banner), you can assume that the storage period can be up to two years. If cookies were set on the basis of your consent, you have the option at any time to revoke your consent or to object to the processing of your data by cookie technologies (collectively referred to as "opt-out").
2.8 Consent Management
We use "Klaro" as a consent management tool from KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin ("Klaro") as part of the tracking and analysis activities in our services. Klaro collects log file and consent data using JavaScript. This JavaScript makes it possible to inform you about your consent to certain tags in our services and to obtain, manage and document them.
We process the following data: (1) Consent data or data of consent (anonymized logbook data (consent ID, processor ID, controller ID), consent status, timestamp), (2) device data or data of the devices used (e.g. Shortened IP addresses (IP v4, IP v6), device information, timestamp), (3) user data or user data (including email, ID, browser information, setting IDs, changelog). The ConsentID (contains the data mentioned above) and the consent status including time stamp are stored in the local memory of your browser. Further processing will only take place if you submit a request for information or withdraw your consent. At the same time, we store personal data that we process using Klaro on our servers located in Montabaur, Karlsruhe. The legal basis for the processing of personal data using Klaro according to the stipulations mentioned here results from our legitimate interest and the fulfillment of legal requirements and thus from Article 6 (1) lit. f and c GDPR. With Klaro we would like to meet legal requirements for data protection and tracking and thus set up the functionality of our information technology systems in accordance with the law and in a user-centric manner.

3. Data processing in connection with the use of our services
The use of our services with all their functions goes hand in hand with the processing of personal data. We explain exactly how this happens here.

3.1 Informational use of our services
Calling up our services for information only requires processing of the following personal data and information: Browser type and browser version, operating system used, address of previously visited websites, address of the end device with which you access our services (IP address) and the time of the call our services. All this information is automatically transmitted by your browser if you have not configured it in such a way that transmission of the information is suppressed.
This personal data is processed for the purpose of the functionality and optimization of our services and to ensure the security of our information technology systems. These purposes are also legitimate interests according to Article 6 Paragraph 1 Letter f GDPR, the processing is therefore carried out with a legal basis.

3.2. Use after registration
In addition to the purely informational use of our services, you have the option of registering for our services and using our entire range. Our services enable you and your users to select various services and retrieve the content they contain.
This use of our services may require processing of personal data and information in the manner set out in this Section 3.
Some processing steps can also be carried out by third-party providers. The data processing of the third-party providers takes place under the conditions of the relevant data protection declarations. In the case of data processing with third-party providers, this can be order processing within the meaning of Art. 28 GDPR. This is subject to strict legal requirements, which we comply with in the course of our contractual agreements with our processors.
Use after logging in and the associated data processing operations may differ from purely informational use. This data related to your profile is collected for the purpose of optimization and to ensure the functionality of our offer. These are legitimate purposes according to Art. 6 Para. 1 lit. f GDPR. If your consent is necessary for the processing operation, we will obtain this at the appropriate point (e.g. via the opt-in option in the context of a cookie banner when using our service for the first time). If you have any further questions, we are at your disposal within the scope of your right to information according to Art. 15 Para. 1 DSGVO.
3.3 Contact form / contact by e-mail
We process your personal data that you make available to us when contacting us for the purpose of answering your inquiry, your e-mail or your callback request. Processed data categories are master data, contact data, content data, possibly usage data, connection data and possibly contract data. In individual cases, we forward this data to companies affiliated with us or to third parties that we commission to process orders. The legal basis of the processing depends on the purpose of the contact.
- Basically, it is based on our legitimate interest and thus on Art. 6 Para. 1 lit. f GDPR;
- If a contract is to be envisaged, the authorization is based on Art. 6 Para. 1 lit. b GDPR.

3.4 User Account & Online Shop

3.4.1 Establishment and Use of a User Account
You can create a user account (hereinafter also "profile") in our services in order to use our services and their features. If you do this, the personal data you provide there will be transmitted to us by your browser and stored in our information technology systems. Your IP address and time of registration are also saved. When you log into your profile, does our service place cookies on your device to allow you to stay logged in? even if you have to reload our services in the meantime. By creating the profile, you can use the functions of our services.
The processing operations associated with creating a profile serve the purpose of being able to assign future usage processes and to be able to call up the entire range of our services. When ordering any supplements and products from the platform, the processing of your data also serves to execute the contract, is therefore earmarked and required in accordance with Article 6 (1) (b) GDPR.
The storage of the IP address and the time of registration is necessary to ensure the security of our information technology systems. This is also our legitimate interest, which is why the processing is also lawful under Article 6 (1) (f) GDPR.
The personal data you enter will be stored by us until your profile is deleted, and beyond that only for as long as processing is necessary to fulfill a contract.
A transfer of data to third parties is not intended.

3.4.2 Caravan purchase & rental (online shop)
If you use our online shop, we process your data for the purpose of processing and delivering your orders and to ensure the security of our information technology systems. We process your personal data in order to enable you to purchase the selected products, as well as their payment and delivery. For this purpose, we forward the data required for the payment and processing of your order to our partners. We or our partners use service providers, in particular postal, forwarding and shipping companies, to deliver our products. We or our partners use the services of banks and payment service providers to process the payment transactions. See our explanations above. Processed data categories are master data, contact data, usage data, connection data, contract data, payment data. We do not pass on your data to unauthorized third parties. The legal basis for these processing measures results from
With regard to the processing of data to ensure the security of our information technology systems, our legitimate interest in accordance with Article 6 (1) (f) GDPR.
With regard to the processing of data for the purpose of processing your purchase in the online shop, Article 6 (1) (b) GDPR.

3.5 Payment processing
We offer various payment methods for processing payment claims. For this we integrate the payment service providers described below. We do this for the purpose of the proper and needs-based provision of our services. Processed data in this context are usage data, connection data, master data, payment data, contact data or contract data, such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, total and recipient-related information. The information is required to carry out the transactions. The data entered will only be processed and stored by the payment service providers. We do not receive any account or credit card-related information, only information about the confirmation or negative information about the payment. Under certain circumstances, your data will be transmitted to credit agencies by the payment service provider. The purpose of this transmission is to check identity and creditworthiness. For this we refer to the terms and conditions and the data protection information of the payment service provider. The legal basis for using the payment service provider results from Article 6 (1) (b) GDPR. We can only provide the services promised to you with our services and thus the fulfillment of our contractual obligations if we use third parties, such as payment service providers, to process payment transactions. We have concluded an order processing contract with each of the payment service providers so that the security of the processing of your data is guaranteed at all times.

payment service providers

Stripe
If you choose a payment method from the payment service provider Stripe, the payment will be processed via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we will send the information you provided during the ordering process together with the information about your order (name, address, account number, sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Article 6 Paragraph 1 Letter b GDPR. You can find more information about Stripe's data protection at the URL https://stripe.com/de/privacy#translation.
Stripe reserves the right to carry out a credit check based on mathematical-statistical procedures in order to protect the legitimate interest in determining the user's solvency. Stripe may transmit the personal data required for a credit check and received as part of payment processing to selected credit agencies, which Stripe discloses to users upon request. The credit report can contain probability values ​​(so-called score values). As far as score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values. Stripe uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to use the selected payment method.
You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies.
However, Stripe may still be entitled to process your personal data if this is necessary for contractual payment processing.
PayPal
It is possible to process the payment using the online payment service PayPal. PayPal makes it possible to make online payments to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as the payment method, your data required for the payment process will be automatically transmitted to PayPal. This regularly involves the following data:
Name, address, company, e-mail address, telephone and mobile number, IP address. The data transmitted to PayPal may be transmitted to credit agencies by PayPal. The purpose of this transmission is to check identity and creditworthiness. PayPal may also pass on your data to third parties if this is necessary to fulfill contractual obligations or if the data is to be processed on behalf of the customer. You can view PayPal's privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/. The legal basis for data processing is Art. 6 Paragraph 1 lit. b GDPR, since the processing of the data is necessary for payment with PayPal and thus for the execution of the contract.

3.6 Web Hosting
3.6.1 Provision of our Services
In order to be able to provide you with our services, we use the services of a web hosting provider. Our services are accessed from the servers of these web hosting providers. For these purposes we use the infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services of the web hosting provider.
The processed data includes all such data that you enter as part of your use and communication in connection with your visit to our services or that are collected from you (e.g. your IP address). Our legal basis for using a web hosting provider to provide our services results from Article 6 (1) (f) GDPR (legitimate interest).
3.6.2 Receiving and Sending Emails
The web host services we use can also include sending, receiving and storing emails. For these purposes, the addresses of the recipients of your e-mails and the senders as well as other information regarding the e-mail dispatch (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data is processed, among other things, for the purpose of detecting SPAM. E-mails are generally not sent encrypted on the Internet. As a rule, e-mails are encrypted during transport, but (unless end-to-end encryption is used) not on the servers from which they are sent and received. Therefore, we cannot accept any responsibility for the transmission path of the e-mails between the sender and receipt on our server. Our legal basis for using a web hosting provider to receive and send e-mails results from Article 6 (1) (f) GDPR (legitimate interest).

3.6.3 Collection of access data and log files
We ourselves (or our web hosting provider) collect data for every access to the server (server log files). The address and name of the accessed services and files, date and time of access, amounts of data transferred, notification of successful access, browser type and version, your operating system, referrer URL (the previously visited page) and, as a rule, IP addresses as well as the requesting providers belong.
The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the server (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure server utilization and stability. Our legal basis for using a web hosting provider to collect access data and log files results from Article 6 Paragraph 1 Letter f GDPR (legitimate interest).
3.7 Tracking & Tools
In order to ensure a smooth technical process and optimal user-friendly use of our services, we use the following services:

Google Search Console
For the purpose of continuously optimizing the Google ranking of our services, we use the Google Search Console, a web analysis service provided by Google.
The Google Search Console enables us to carry out search analyzes which give us information about how often our services appear in Google search results. This allows us to monitor and manage our services in the search index.
When using the Google Search Console, no personal user or tracking data is processed or transmitted to Google.

Google Analytics
We use Google Analytics for the purpose of statistically evaluating your use of our services. Your IP address is collected by us before it is anonymized by Google before it is permanently stored on their servers. Processed data are usage data and connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland (as joint controller, Art. 26 GDPR). Should Google transfer this data to a third country (e.g. the USA), this will only happen on a case-by-case basis, on the basis of an order processing contract concluded with Google and in accordance with standard contractual clauses agreed with Google and other security measures permitted by the DSGVO, which ensure the security of the processing of your personal data with a level of protection identical to that in the EU. The legal basis for the use of Google Analytics is your consent (e.g. via an opt-in in the cookie banner), if you have given it to us during your visit to our services. The legal basis for the integration of Google Analytics therefore results from Article 6 Paragraph 1 Letter a GDPR. On the basis of your consent, cookies are stored on your end device and personal data are read out as a result. If you have not given us your consent to the use of Google Analytics (no opt-in in the cookie banner or revocation of your consent), we will not (any longer) use Google Analytics when you visit our services.
3.9 Fan Pages on Social Media Sites
We maintain fan pages on the websites of social networks on the Internet and process personal data in this context in order to communicate with the users who are active there or to offer information about us. We would like to point out that when you visit our fan pages, your data may be processed outside of the European Union. The operators of the respective social networks are responsible for this. A detailed description of the respective forms of processing and the possibilities of objection (e.g. opt-out) can be found in the data protection declarations of the operators of the respective social networks.

Facebook
We operate a so-called Facebook fan page for our company on Facebook. When you visit the Facebook fan page, Facebook can evaluate your usage behavior and provide us with information obtained from this ("Insights"). The page insights are used for the purpose of economic optimization and needs-based design of our services. Processed data categories may be master data, contact data, content data, usage data, connection data. The recipient of the data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, as the joint controller pursuant to Art. 26 GDPR. The legal basis for processing the data in accordance with the provisions stated here results from our legitimate interest and thus from Article 6 Paragraph 1 Letter f GDPR.
Facebook is responsible for implementing your rights as a data subject. Facebook will inform you about your rights as a data subject at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also assert your rights against us, and we will then immediately forward your request to Facebook.
Instagram
We operate a so-called Instagram fan page for our company on Instagram. When you visit the Instagram fan page, Facebook can evaluate your usage behavior and provide us with information obtained from this ("Insights"). The page insights are used for the purpose of economic optimization and needs-based design of our website/our services. Processed data categories may be master data, contact data, content data, usage data, connection data. The recipient of the data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, as the joint controller pursuant to Art. 26 GDPR. The legal basis for processing the data in accordance with the provisions stated here results from our legitimate interest and thus from Article 6 Paragraph 1 Letter f GDPR.
Facebook is responsible for implementing your rights as a data subject. Facebook will inform you about your rights as a data subject at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also assert your rights against us, and we will then immediately forward your request to Facebook.

3.10 Plugins in our Services
In our services, we integrate content such as videos, buttons, social media icons, etc. from social networks and other websites via plugins. The integration always works in such a way that the social networks learn and process your IP address via these plug-ins. The IP address is required to display the content of the plug-ins because it is required so that the social networks whose plug-ins we have integrated can send information to your browser. Some social networks use pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic in our services. Further information can also be stored in cookies on your device and contain, among other things, technical information about your browser and your operating system, the time you visit our services and other information on the use of our services and can be linked to information from other sources.
3.11 Miscellaneous

Request for material & offers
If you request material (advertising or marketing material) or offers from us, we will process your data for the purpose of sending you the materials you have requested and for preparing and sending the offers you have requested. Processed data categories are master data, contact data, connection data, possibly contract data. If necessary, we will forward your request to our group companies. A transfer to a third country does not happen. The legal basis for the processing measures results from:
- Art. 6 (1) (f) GDPR when processing to ensure the security of our information technology systems
- Art. 6 (1) (b) GDPR when processing to request an offer or to initiate and conclude a contract.

4. Order Processing

If we use external service providers to process your data, they will be carefully selected and commissioned by us. If the services provided by these service providers are order processing within the meaning of Art. 28 GDPR, the service providers are bound by our instructions and are regularly checked. Our order processing contracts comply with the strict requirements of Art. 28 GDPR and the requirements of the German data protection authorities.

4.1 Booking request calendar

Using Wheeloffice RV Management
We use the Wheeloffice software to display occupancy, booking inquiries and bookings for our rental and sale properties. All of the personal data you provide on our website will be processed and used by us in order to be able to process the inquiries or the booking. In addition, this data is used to provide you with all relevant data for your inquiry or booking. The data collected for the booking request or booking will be forwarded to the following third parties:
We have concluded a corresponding agreement on order data processing with the provider of the Wheeloffice software.
5. Data subject rights

If your personal data is processed, you are the data subject within the meaning of the GDPR and, as a user, you have the following rights vis-à-vis the person responsible:

5.1 Right to information

You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.

If such processing is present, you can request information from the person responsible for the following information:

- the purposes for which the personal data are processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom your personal data has been or will be disclosed;
- the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;
- the existence of a right of appeal to a supervisory authority;
- all available information about the origin of the data, if the personal data are not collected from the data subject;
- the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR and ? at least in these cases ? meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
- You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

5.2 Right to Rectification

You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
5.3 Right to restriction of processing

Under the following conditions, you can request the restriction of the processing of your personal data:

- if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
- if you have lodged an objection to the processing pursuant to Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
- If the processing of the personal data concerning you has been restricted, may this data ? apart from their storage ? processed only with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

5.4 Right to erasure
5.4.1. You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
- The personal data concerning you have been processed unlawfully.
- The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
- The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

5.4.2. If the person responsible has made the personal data relating to you public and is obliged to delete it in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, to protect the person responsible for data processing, taking into account the available technology and the implementation costs , who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
5.4.3. The right to erasure does not exist if processing is necessary

- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 lit. h and i and Article 9 Paragraph 3 GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Para. 1 DSGVO, insofar as the law referred to in Para
- to assert, exercise or defend legal claims.

5.5 Right to Information

If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the person responsible.
5.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that
&
the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.

The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.

5.7 Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

You have the option, in connection with the use of information society services ? notwithstanding Directive 2002/58/EC ? Exercise your right to object by automated means using technical specifications.

5.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
Is the processing lawful until you revoke it? the revocation therefore only affects the processing after receipt of your revocation. You can declare your revocation informally by post or e-mail. Your personal data will then no longer be processed, unless permitted by another legal basis. If this is not the case, your data must be deleted immediately after the revocation in accordance with Art. 17 Para. 2 DSGVO. Your right to withdraw your consent subject to the above conditions is guaranteed.
Your revocation should be sent to:

Campermiete Tostedt Kristiane Koch
Baurat-Wiese-Str. 173
21255 Koenigsmoor
info@campermiete-tostedt.de

5.9 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR violates.

The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

6. Automated individual decision-making including profiling

Automated decisions in individual cases, including profiling, are not made.

7. Controller's Notification Obligations

If your personal data has been disclosed to other recipients (third parties) for a legal reason, we will inform them of any correction, deletion or restriction of the processing of your personal data (Art. 16, Art. 17 Para. 1 and Art. 18 GDPR). The obligation to notify does not apply if it involves a disproportionate effort or is impossible. We will also inform you about the recipients upon request.