We attach great importance to privacy. The collection and processing of your personal data takes place in compliance with the applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR). We collect and process your personal data in order to offer you access to the above-mentioned website. This policy describes how and for what purpose your data is collected and used and what options you have in relation to personal information.
1. Responsible body
Responsible body for the collection, processing and use of your personal data within the meaning of the GDPR is:
Okeanos Foundation for the Sea
Attn: Tina Baumgartner
Auf der Marienhöhe 15
64297 Darmstadt, Germany
2. General use of the website
2.1 E-mail contact
If you contact us (e.g via our contact form or e-mail), we will save your details for the processing of the request as well as for the event that follow-up questions arise. We store and use other personal data only if you consent to it or if this is permitted by law without special consent.
2.2 Legal basis and storage duration
The legal base of the data processing in accordance with the preceding paragraphs is worded in article 6 (1) (f) GDPR.
Unless specifically stated, we store personal data only as long as necessary to fulfill the purposes pursued.
3. Your rights as a person concerned with data processing
Under applicable law, you have various rights regarding your personal information. If you would like to assert these rights, please send your request by e-mail or by post with a clear identification of your person to the address specified in section 1.
Below is an overview of your rights.
3.1 Right to confirmation and information
You have the right at any time to obtain confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to obtain free information from us about the personal data we have stored from you together with a copy of this data. Furthermore, there is a right to the following information:
a) the processing purposes;
b) the categories of personal data being processed;
(c) the recipients or categories of recipients to whom the personal data have been or are being disclosed, in particular in the case of beneficiaries in third countries or international organizations;
(d) if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration;
(e) the existence of a right to rectification or erasure of the personal data concerning you or to a restriction of processing by the controller or a right to object to such processing;
f) the existence of a right of appeal to a supervisory authority;
g) if the personal data is not collected from you, all available information about the source of the data;
(h) the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on you.
If personal data are transmitted to a third country or to an international organization, you have the right to be informed of the appropriate safeguards under Article 46 of the GDPR in connection with the transfer.
3.2 Right to rectification
You have the right to demand immediate correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
3.3 Right to cancellation („right to be forgotten“)
You have the right to ask us to delete your personal information without delay, and we are required to delete your personal information immediately if one of the following is true:
a) personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) you revoke your consent on which the processing was based in accordance with Article 6 (1) GDPR (a) or Article 9 (2) (a) GDPR and there is no need for any other legal basis for the processing.
(c) you object to the processing in accordance with Article 21 (1) of the GDPR and there are no high-level legitimate grounds for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.
d) the personal data were processed unlawfully.
e) the deletion of personal data is required to fulfill a legal obligation under European union or national law to which we are subject.
f) the personal data were collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.
If we have made personal data public and we are required to delete it, we shall take appropriate measures, including technical means, to inform data controllers who process the personal data, taking into account available technology and implementation costs, that you have requested that they delete any links to such personal information or copies or replications of such personal information.
3.4 Right to restriction of processing
You have the right to demand of us to restrict processing if any of the following conditions apply:
a) you will contest the accuracy of your personal information for a period of time that enables us to verify the accuracy of your personal information;
b) the processing is unlawful and you refuse to delete the personal data and instead demand the restriction of the use of your personal data;
c) we no longer need the personal data for the purposes of processing, but you need the data to assert, exercise or defend your rights, or
d) you object to the processing pursuant to Article 21 (1) GDPR, as long as it is not certain that the legitimate reasons of our company outweigh yours.
3.5 Right to data portability
You have the right to receive the personal information that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer that information to another person without hindrance, provided that
(a) the processing is based on a consent pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or a contract pursuant to Article 6 (1) (b) GDPR, and;
(b) the processing is done by automated means. In exercising your right to data portability in accordance with paragraph 1, you have the right to obtain that the personal data are transmitted directly by us to another party, as far as technically feasible.
3.6 Right to objection
You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data relating to you pursuant to Article 6 (1) (e) or (f) of the GDPR; this also applies to profiling based on these provisions. We no longer process personal information, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
You have the right, for reasons of your own particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes under Article 89 (1) of the GDPR, unless: processing is necessary to fulfill a public interest task.
3.7 Automated decisions including profiling
You have the right not to be subjected to a decision based solely on automated processing, including profiling, that will have legal effect or similarly affect you in a similar manner.
3.8 Right to revoke a data protection consent
You have the right to revoke your consent to the processing of personal data at any time.
3.9 Right to complain to a supervisory authority
You have the right to complain to a supervisory authority, in particular in the Member State of your residence, employment or the place of the alleged breach, that you consider that the processing of your personal data is unlawful.
4. Data security
We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities. Your personal data will be transmitted encrypted with us. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (for example, when communicating by e-mail) may have security vulnerabilities. A complete protection of the data from access by third parties is not possible.
To safeguard your data, we maintain technical and organizational security measures that we always adapt to state-of-the-art technology. We also do not warrant that our offer will be available at specific times; Disturbances, interruptions or failures cannot be excluded. The servers we use are regularly and carefully backed up.
5. Automated decision-making
There is no automated decision-making based on personal data collected.
6. Disclosure of data to third parties
We only use your personal data within our company. If and insofar as we engage third parties in the performance of contracts (such as logistics service providers), these personal data are only received to the extent that the transmission is required for the corresponding service.
In the event that we outsource certain parts of the data processing („order processing“), we contractually obligate processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the data subject’s rights.