Data & Privacy

Yes, you can object at any time to your personal data being used for advertising under GDPR and German law — and the objection must be honored without delay.

Yes, websites in Germany must obtain your active, informed consent before placing non-essential cookies. Pre-checked boxes and 'cookie walls' are illegal.

Yes, under German and EU data protection law, you can withdraw your consent for data processing at any time — and it must be as easy to withdraw as it was to give.

You can demand information, request deletion or correction of your data, file a complaint with the German data protection authority, and claim compensation for proven damage under GDPR and BDSG.

GDPR violations in Germany can lead to criminal penalties (up to 3 years imprisonment) under BDSG § 42 or administrative fines up to €20 million or 4% of global annual turnover under EU GDPR — plus up to €50,000 for specific BDSG breaches.

Yes, you can sue for material or non-material damages after a data protection violation under GDPR and BDSG § 84 — but you must prove fault, infringement, damage, and causation.

You have strong GDPR rights in Germany—including access, correction, deletion, restriction, portability, and objection—as reinforced by the German Federal Data Protection Act (BDSG). You can also claim damages for violations.

You can request access to your personal data in writing or electronically from any data controller; they must respond within one month, free of charge, and provide a complete, intelligible copy of all your processed data.

In Germany, a Data Protection Officer (DPO) is an independent advisor appointed to monitor GDPR and BDSG compliance, advise on data processing risks, and serve as a contact for supervisory authorities and individuals.

It is a legal duty under German law requiring telecom providers to protect the confidentiality of communications and enable lawful surveillance only when authorized by strict statutory conditions.

The GDPR is a binding EU regulation that applies directly across all member states, while the BDSG is Germany’s national law that supplements the GDPR with specific national rules — especially for public authorities, employment, and criminal law contexts.

Yes, you have a legal right to access all personal data a credit agency holds about you, including your credit score and the logic behind it — subject to limited exceptions for trade secrets.

Yes, under the GDPR (not BGB § 1004), you have a legally enforceable right to erasure — but it’s not absolute and depends on specific conditions like consent withdrawal, illegality of processing, or lack of legitimate interest.

The right to be forgotten (right to erasure) lets you request deletion of your personal data when it's no longer necessary, unlawfully processed, or you've withdrawn consent — especially from search engines for outdated or irrelevant results.

You have strong rights under the GDPR and German law to control how social media platforms collect, use, and share your personal data — including rights to access, correct, delete, and object to processing.

You have the legal right to use your name exclusively in Germany, and can demand removal or injunction against anyone using it without permission.

Yes, but only under strict conditions: for legitimate employment purposes, with proportionality, transparency, and usually only while you're employed — not after termination.

Yes, but only under strict conditions: it must be necessary for a legitimate purpose, proportionate, transparent, and not override employees’ privacy rights.

Yes, but only if strictly necessary for legitimate purposes like security, with clear signage, limited storage, and no overriding privacy interests of residents.

Yes, but only if strictly necessary for employment purposes, with proper legal basis (e.g., collective agreement or justified necessity), and never based on 'voluntary' consent alone due to power imbalance.