Data Subject Rights Under GDPR
The General Data Protection Regulation (GDPR) grants you fundamental rights with respect to your personal data. This page explains each of your rights and how you can exercise them with Baltasaar Services GmbH ("Vector Defense").
1. Right of Access (Article 15 GDPR)
What This Right Means
You have the right to obtain confirmation of whether your personal data is being processed by us, and if so, to receive a copy of that data in a structured, commonly used, machine-readable format. This is often called a "Data Subject Access Request" or "DSAR."
What Information Will You Receive?
When you exercise this right, we will provide you with:
- Confirmation of whether your data is being processed
- A copy of your personal data in a portable format
- Information about the purposes of processing
- Information about the legal basis for processing
- The categories of recipients who receive your data
- Information about data retention periods
- Information about your other rights
How to Exercise This Right
Send a written request to:
Email: [email protected]
Mail: Baltasaar Services GmbH, Data Protection Officer, Gensingerstr. 14, 55457 Horrweiler, Germany
Include in your request:
- Your full name
- Your email address and/or phone number
- A description of the data or service you are inquiring about (e.g., "calculator submission from March 2026" or "customer account")
- A copy of your identification document if we have never met you
2. Right of Rectification (Article 16 GDPR)
What This Right Means
You have the right to request that we correct inaccurate or incomplete personal data without undue delay. If data is inaccurate, you may provide corrected information.
Examples
- Your name is misspelled in our records
- Your email address or phone number has changed
- Your company information is incorrect
- Your address or contact details are outdated
How to Exercise This Right
Contact us at:
Email: [email protected]
Contact: [email protected]
Provide clear information about what needs to be corrected and what the correct information should be. We will make corrections without undue delay and confirm the changes to you.
3. Right to Erasure (Article 17 GDPR)
What This Right Means
You have the right to request deletion ("erasure") of your personal data in certain circumstances. This is sometimes called the "right to be forgotten."
When Can You Request Erasure?
You may request erasure in the following situations:
- The data is no longer necessary for the purposes it was collected
- You withdraw your consent (for consent-based processing) and we have no other legal basis
- You object to processing and we have no overriding legitimate interest
- The data was processed unlawfully
- The data must be deleted to comply with a legal obligation
When Cannot We Erase Your Data?
We cannot erase your data if:
- Processing is necessary to perform a contract with you
- We are required to keep the data for tax or legal compliance (typically 10 years under German law)
- You have an ongoing customer relationship with us
- Processing is necessary for us to establish, exercise, or defend legal claims
How to Exercise This Right
Send a request to:
Email: [email protected]
Include in your request:
- Your full name and contact information
- A clear statement that you request erasure of your data
- The reason for your erasure request (see "When Can You Request Erasure" above)
- Any relevant reference numbers or dates
4. Right to Restriction of Processing (Article 18 GDPR)
What This Right Means
Instead of requesting complete erasure, you may ask us to limit ("restrict") processing of your data in certain circumstances. When you restrict processing, we will keep the data but stop using it (except with your consent).
When Can You Request Restriction?
- You dispute the accuracy of your data (we will restrict processing while we verify accuracy)
- Processing is unlawful and you request restriction instead of erasure
- We no longer need the data for its original purpose, but you need it for legal claims
- You object to processing and we are determining if our legitimate interest overrides your rights
How to Exercise This Right
Contact us at:
Email: [email protected]
Contact: [email protected]
Explain which data you want restricted and why. We will confirm restriction and stop using your data accordingly.
5. Right to Data Portability (Article 20 GDPR)
What This Right Means
You have the right to receive your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON) and to transmit it to another organization without hindrance.
When Does This Right Apply?
Data portability applies when:
- Processing is based on your consent, or
- Processing is necessary to perform a contract with you
What Will You Receive?
Your data in a machine-readable format suitable for transfer to another service provider, including:
- Personal identifiers (name, email, phone, address)
- Account information and transaction history
- Calculator submissions and calculated results
- Communication records and inquiries
How to Exercise This Right
Send a request to:
Email: [email protected]
State that you request your data in a portable format. Optionally, provide the email address of another service provider if you want us to transmit the data directly to them.
6. Right to Object (Article 21 GDPR)
What This Right Means
You have the right to object to processing of your data in certain circumstances. If you object, we must stop processing unless we have compelling legitimate grounds that override your objection.
When Can You Object?
Right to Object to Legitimate Interest Processing
You can object at any time to processing based on our legitimate interest (Article 6(1)(f) GDPR). If you do, we must stop processing unless:
- We have compelling legitimate grounds that override your rights, or
- We need the data to establish, exercise, or defend legal claims
Right to Object to Direct Marketing
You have an absolute right to object to processing for direct marketing purposes (marketing emails, calls, etc.) at any time, free of charge. We must immediately stop marketing communications if you object.
How to Exercise This Right
To object to marketing: Click "unsubscribe" in any marketing email, or contact us at:
Email: [email protected] with "unsubscribe" in the subject line
To object to other processing: Send a detailed request to:
Email: [email protected]
Explain which processing you object to and your reasons. We will respond within 30 days explaining whether we have grounds to continue processing.
7. Right to Withdraw Consent (Article 7 GDPR)
What This Right Means
If we process your data based on your consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
How to Withdraw Consent
Contact us at:
Email: [email protected]
Contact: [email protected]
State clearly that you withdraw your consent. We will stop processing based on that consent immediately, though we may continue processing on other legal bases if applicable.
8. Rights Related to Automated Processing and Profiling (Article 22 GDPR)
What This Right Means
You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects concerning you.
Our Automated Processing
We may use automated lead scoring to prioritize follow-up efforts based on calculator results. This profiling does not make decisions with legal significance (it does not affect your eligibility for services or create binding obligations).
Your Rights
You have the right to:
- Understand the logic behind any automated scoring or profiling
- Request human review of an automated decision
- Express your point of view about the decision
If you believe automated processing is unfairly affecting you, contact us at:
Email: [email protected]
9. How to Submit a Request
Contact Information
Data Protection Officer
Baltasaar Services GmbH
Email: [email protected]
Mail: Gensingerstr. 14, 55457 Horrweiler, Germany
Contact: [email protected]
What to Include
When submitting a request, please provide:
- Your full name
- Your email address and/or phone number
- A clear description of which right you are exercising
- Details about the data or service in question (e.g., dates, calculator type, customer number)
- A copy of your identification document if we have not previously verified your identity
- Your signature (digital signature is acceptable)
Response Timeline
We will respond to your request within 30 calendar days of receiving it. In complex cases, we may extend this period by two months (60 days total), in which case we will notify you of the extension.
Verification Process
We will verify your identity before fulfilling your request. If we cannot verify your identity with the information you provide, we may request additional information. This verification protects your privacy by ensuring only you can access your own data.
10. Right to Lodge a Complaint
Complaint With Supervisory Authority
If you believe we have violated your rights under GDPR, you have the right to lodge a complaint with the competent data protection authority:
Landesbeauftragter für den Datenschutz Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz
Germany
Contact: [email protected]
Email: [email protected]
Complaint With Vector Defense
Before escalating to a supervisory authority, you may lodge a complaint directly with us:
Email: [email protected]
Contact: [email protected]
We will investigate your complaint and respond within 30 days. Your complaint will not result in any discrimination or retaliation.
11. No Cost for Exercising Rights
There is no charge for exercising any of your data subject rights, except in cases of excessive or manifestly unfounded requests, in which case we may charge a reasonable administrative fee.
12. Questions?
If you have questions about your data subject rights or need assistance, please contact:
Baltasaar Services GmbH
Data Protection Officer
Email: [email protected]
Contact: [email protected]
Mail: Gensingerstr. 14, 55457 Horrweiler, Germany
We are here to help you understand and exercise your rights.