Allersberger Straße 185/G
90461 Nuremberg, Germany
Tel.: +49-(0)911 47495-0
Fax: +49-(0)911 47495-55
Managing Directors with authorization for representation:
Eva Föhlinger, Andrea Gantikow, Stefan Koch
Commercial register number: HRB 20388
Court of registration: Nuremberg District Court
VAT-ID No.: DE 231704898
Responsible for content according to § 10, paragraph 3 of the German Interstate Media Agreement (MDStV):
Eva Föhlinger, Andrea Gantikow, Stefan Koch
Data Protection Supervisor:
it.sec GmbH & Co., KG
– Datenschutzbeauftragter –
Telefon: +49 731 20589 24
1. About us
We, Flutlicht GmbH, are responsible for the collection, processing and storage of your data. You can find details about us in our Imprint at any time.
The careful handling of your personal data has the highest priority for us. In processing, we comply with the statutory provisions, e.g. the General Data Protection Regulation (GDPR) and the associated national provisions.
This data protection declaration applies to all websites of our company that can be accessed under our domain (https://www.flutlicht.biz/en). If you switch to websites of other operators within the scope of our offer, their own data protection regulations apply, for the content of which the respective operators of these websites are responsible.
Since we would like to give you a comprehensive overview of the processing of personal data in our group of companies, you will find below an overview of all our services in the context of which we collect and process personal data.
If separate or additional conditions apply to individual services or we ask you for your consent, we will point this out to you separately before using the respective service (e.g. for the press distribution list).
We also take various security measures to protect your personal data. For example, transmission between your web browser and our servers is always transport encrypted; in addition, we maintain a variety of technical and organizational measures to always protect your data.
You can use our website without disclosing your identity. If you would like to register for one of our personalised services such as our press distribution list, subscribe to our newsletter or contact us, we will ask you for your name and other personal information. It is your free decision whether you enter this (extended) data. Data that we absolutely need from you to provide our services are marked as such.
Your personal data is collected and processed for the following purposes on the basis of the following legal bases:
- Contract initiation pursuant to Art. 6 (1) lit. a) and b) GDPR
- Contract execution in accordance with Art. 6 (1) lit. b) GDPR
- Customer management in accordance with Art. 6 (1) lit. b) and c), f) GDPR
- Communication and data exchange pursuant to Art. 6 (1) lit. a), b), c), f) GDPR
- External presentation and advertising pursuant to Art. 6 (1) lit. a), f) GDPR
- Implementation of declarations of consent pursuant to Art. 6 (1) lit. a) GDPR
- Ensuring the proper operation of a data processing system in accordance with
- 6 (1) lit. c) and f) GDPR
- Applicant selection procedures in the context of personnel and resource management based on Art. 6 (1) lit. a), b) GDPR in conjunction with § 26 BDSG
We collect different categories of personal data from you. Personal data is all information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name. Personal data includes, for example, information such as your name, your address, your telephone number and your date of birth (if stated). Statistical information that cannot be directly or indirectly associated with you – such as the popularity of individual websites of our offer or the number of users of a page – is not personal data. Data is collected directly and indirectly. In both cases, data will only be collected to the extent necessary; the data will only be processed for the purposes stated under point 2. It is your decision whether you want to transmit data to us that optimizes the use of our services for you, but is not necessary for this. Corresponding data fields are marked as ‘voluntary’.
The data collected immediately includes:
- First name, last name, address and e-mail address, e.g. for the purpose of inclusion in our press distribution list, use of your customer account or for contacting you via our contact form.
- Candidate data, for carrying out our online application procedure
- Data that you actively and consciously transmit to us when using our services,
- Further data that you voluntarily submit to us, e.g. data fields filled in by you and marked as ‘voluntary’
In addition, data about you is collected indirectly when using our services:
- Technical connection data, e.g. the page called up on our website, your IP address, date and time of the call, terminal device used, browser configuration data.
- Data collected in the context of website tracking and newsletter tracking
Our website is not directed at minors and we do not knowingly collect personal information from minors.
If persons under the age of 16 transmit personal data to us, this is only permitted if the parent/guardian himself has consented or has consented to the consent of the young person. In accordance with Art. 8 (2) GDPR, the contact details of the legal guardian must be provided in order to convince us of the consent or consent of the legal guardian. These data as well as the data of the minor will then be processed in accordance with this data protection declaration.
If we determine that a minor under the age of 16 has sent us personal data without the parental consent or consent of the minor, we will delete the data immediately.
Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who have to deal with this personal data due to their tasks.
If third parties gain access to your data, we have obtained your permission or there is a legal basis for this.
We also use service providers to provide services and process your data (for hosting, maintaining and analyzing databases, securing our web servers or for website tracking, among other things). Insofar as these special provisions apply, we have carried them out for you in the following for the respective service. The service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All contractors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services or to the extent to which you have consented to the processing and use of your data.
Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and serves only internal administrative purposes. By group of companies we mean affiliated companies within the meaning of Art. 4 No. 19 GDPR.
The servers of some of the service providers we use are located in the US and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the Member States of the European Union. If your data are processed in a country that does not have a recognised high level of data protection such as the European Union, we use contractual regulations or other recognised instruments to ensure that your personal data are adequately protected. We expressly point this out to you again within the scope of the individual services.
Insofar as personal data is transferred to third countries, this is done on the basis of the EU Commission’s decision on appropriateness to the EU-U.S. Privacy Shield pursuant to Art. 45 GDPR or the EU Standard Contractual Clauses 2010 pursuant to Art. 46 (2) lit. c GDPR in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87/EU) or your consent pursuant to Art. 49 (1) lit. a) GDPR.
In exceptional cases we transmit personal data to law enforcement and criminal investigation authorities. This is done on the basis of corresponding legal obligations, e.g. from the Code of Criminal Procedure, the Fiscal Code, the Money Laundering Act or state police laws.
We store personal data within the framework of legal regulations or your consent.
We use the following criteria to determine the concrete storage period:
We store the personal data until the purposes for which they were collected cease to apply (e.g. at the end of a contractual relationship or through the last activity, if no continuing obligation exists, or in the case of a revocation of your consent for the specific data processing).
Further data will only be stored if
- legal storage obligations (e.g. according to AO and HGB) exist;
- the data is still needed to assert and exercise legal claims or to defend against legal claims, e.g. due to technological and forensic requirements to defend against attacks on our web servers and their prosecution;
- the deletion would be contrary to the legitimate interest of the data subjects;
- another exception pursuant to Art. 17 (3) DSGVO applies.
You have a number of legal rights to which we would like to draw your attention below. Of course, our data protection officer is also available to answer any questions you may have about your personal data that we have collected and processed using the contact details given below.
If the data processing is based on your consent or according to Art. 6 (1) lit. b) GDPR on a contract, you can also demand in accordance with Art. 20 (1) GDPR to receive the personal data stored about you in a structured, current and machine-readable format. At your request, we will also forward the data directly to the recipient of your choice.
Furthermore, in accordance with Articles 16 to 18 GDPR, you can request us to correct, restrict (block) or delete your personal data if we have processed the data incorrectly, if there is a reason to restrict further data processing, or if data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to deletion may be restricted by legal retention periods.
If our data processing is based exclusively on our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR, you may object to this processing pursuant to Art. 21 (1) GDPR. Then we will stop processing your data unless we can prove grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim. Furthermore, you always have the right to object to the use of your data for the purpose of direct advertising with effect for the future pursuant to Art. 21 (2) GDPR.
d) Right of revocation
You are free to complain to a supervisory authority if you believe that our processing of your personal data violates the European Data Protection Regulation or other national and international data protection laws.
The contact details of the supervisory authority responsible for us are as follows:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Phone: +49 981 53 1300
To exercise your rights, you can send us an informal message to the following contact details. Please also address the revocation of your consent to the following contact details, indicating which declaration of consent you would like to revoke:
|Person in charge||Data protection officer|
Allersberger Straße 185/G
Phone: +49 911 47495 0
|it.sec GmbH & Co., KG
– Datenschutzbeauftragter –
Phone: +49 731 20589 24
We use so-called cookies in some areas of our website, e.g. to recognize the preferences of visitors and to be able to design the website accordingly. This facilitates navigation and a high degree of user-friendliness of a website. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on a visitor’s hard drive. They allow information to be stored for a certain period of time and to identify the visitor’s computer. For better user guidance and individual service presentation, we use permanent cookies.
We only set non-technically necessary cookies after your express consent, which you can of course revoke at any time.
As part of our cookie information on our website, you have agreed to the following statement in this regard:
This website uses tracking cookies or tracking software to provide you with the full functionality of our website and thus a better online experience. You can find more detailed information on the cookies and web tracking procedures used by us and the consents you have given us in our data protection declaration under https://www.flutlicht.biz/en/data-protection/.
However, technically unnecessary cookies or our tracking software will not be activated until you have given us your consent. [OK / Agreed]
Please also note that deleting all cookies will also delete opt-out cookies. You may therefore have to reset them. Cookies are also browser-bound, i.e. they must be set separately for each browser you use on each device you use. You will find the necessary links in the description of the respective service below.
The following cookies are used by us – if you allow this and have not set one or more opt-out cookies – for a more detailed purpose:
|Name of the cookies||Intended application||Storage time||Technically necessary|
|PHPSESSID||Backend: in use for ie status alerts, etc.
Frontend: Captcha for online forms
|_gid||this cookie is used via Google Analytics to differentiate users.||24 hrs||no|
|_ga||this cookie is used via Google Analytics to differentiate users.||2 years||no|
It’s used to track a user for the duration of their visit so that we can group their page views together.
|wordfence_verifiedHuman||Bleongs to Wordfence Plugin used to differentiate user from am Bot. Cookie to be placed as soon as there is a first user interaction with the page (ie. clickevent)||24 hrs||yes|
|_gat||Google Universal Analytics: It is used to throttle the request rate – limiting the collection of data on high traffic sites. It expires after 10 minutes.||1 minute||nein|
This website uses Google Analytics, a web analysis service of Google LLC (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other countries party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website usage and Internet usage. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. One way to object to web analysis by Google Analytics is to set an opt-out cookie that instructs Google not to store or use your data for web analysis purposes. Please note that with this solution the web analysis will only not take place as long as the opt-out cookie is stored by the browser. If you would like to set the opt-out cookie now, please click https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable.
Recipient of the data: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
|Application||Our website uses the service ‘Google Maps‘. When Google Maps is called up on this website, data is transmitted to Google.|
|Responsible person with whom Google Maps is jointly operated on our website (‘Google’):||Google LLC
1600 Amphitheatre Pkwy
CA, 94043 USA
Responsible for data processing of persons living within the European Union/EEA and Switzerland:
Google Ireland Ltd.
Gordon House, Barrow Street, Dublin 4Ireland
|In an agreement pursuant to Art. 26 (1) GDPR, the parties jointly responsible determined who fulfilled which obligation pursuant to the GDPR||The agreement within the meaning of Art. 26 para. 1 GDPR with Google can be found under the following link:
<font color=”#ffff00″>-=https://privacy.google.com/intl/de/businesses/mapscontrollerterms/=- proudly presents
|Contact details for data protection:||The Google Privacy Officer can be contacted using the following web form: https://support.google.com/policies/troubleshooter/7575787?hl=en|
|Categories of data subjects:||Visitors to our site who use Google Maps|
|Categories of personal data:||Data that Google processes about our website visitors can be taken from the following link:
|Origin of data||Google receives the data from the data subjects directly via our website.|
|Legal basis for data processing||We use Google Maps only with your consent, Art. 6 (1) lit. a) GDPR.|
|The legal bases on which Google bases its data processing can be found in the following link:
|Purposes of data processing||We use Google Maps to help you to plan a route, and we do this for the following purposes:
– Public image and advertising
– Communication and data exchange
– event management
– if necessary contract initiation and execution
The purposes Google pursues with the data processing can be taken from the following link: https://policies.google.com/privacy/update?hl=en&gl=en, supplemented by the separate data protection provisions for Google Maps: https://www.google.com/intl/de_en/help/terms_maps.html
|Retention:||We do not store any data.
The storage and deletion of the data is the duty of Google. The information for this can be taken from the following link:
|Categories of recipients||We or our employees and service providers have no access to the data processed by Google.|
|The recipient categories to which Google discloses the data, as well as information on intra-group data exchange, can be found at the following link: https://policies.google.com/privacy/update?hl=en&gl=en, supplemented by the separate data protection provisions for Google Maps:/|
|Data transfers to third countries
|When Google Maps is used, the data is also processed by Google LLC. The associated transfer of data to the USA as a third country without an adequate level of data protection is secured by the EU-US Privacy Shield certification of Google LLC: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Based on the agreements on the EU-US Privacy Shield, Google LLC must grant the data subjects various rights, which they can then assert directly against Google LLC: email@example.com.
|Google will transfer, store and otherwise process the data in the United States, Ireland and any other country in which Google does business, regardless of the residence of the data subjects. The associated data transfers to third countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees pursuant to Art. 46 GDPR: https://policies.google.com/privacy/update?hl=de&gl=de|
The information for this can be taken from the following link:
|Rights of data subjects||Joint controllers must grant data subjects various rights with regard to the processing of their data.
The rights to which the data subjects are entitled can be found in our data protection declaration. These can be asserted directly against Google.
The regulatory agency for Google is:
Data Protection Commission
21 Fitzwilliam Square, Dublin
Web address: http://gdprandyou.ie/contact-us/
We use Youtube, a Google service, to show you video content. To protect your privacy, we have activated the extended data protection mode.
By pressing the start button on the video, you agree to the transmission of the data to Youtube LLC:
Recipient of the data: Youtube LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Our website uses Social Media Buttons (Facebook, Twitter, Instagram, LinkedIn, SlideShare, Delicious, Pinterest, Flickr, Xing, Google+), to enable you to interact with third parties.
These social media buttons are not integrated as plug-ins via a so-called iFrame but are stored as links. By clicking the social media buttons, you will be redirected to the page of the respective provider. The relevant provider is then responsible for compliance with the data protection regulations and for the correctness, up-to-dateness and completeness of the information provided there for data processing within the meaning of Art. 4 No. 17 GDPR.
If you do not agree with this form of processing, you can prevent the storage of cookies by setting your browser accordingly. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available here <https://support.google.com/ads/answer/7395996?hl=de> Alternatively, you can disable Doubleclick cookies on this page < http://www.google.com/ads/preferences/html/opt-out.html>
Recipient of the data: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
At your expressed request, we will include you in our press distribution list for the topics you have chosen as well as information on our company. Please note that delivery can only take place once you have expressly confirmed your subscription request again in the context of our double opt-in procedure.
The personal data collected within the scope of the press distribution list registration will be used exclusively for sending and personalising the information (e.g. to address you by your name). You can revoke your consent to the storage of personal data that you have given us for inclusion in the press distribution list at any time with effect for the future. For the purpose of revoking your consent, each e-mail contains an appropriate link; alternatively, you are welcome to contact us directly so that we can implement your revocation. Details of the consent given to us were communicated to you in the Double-Opt-In-Mail.
Press distribution list usage analysis
Our press distribution list e-mails contain tracking pixels. A pixel-code is an invisible graphic in HTML e-mails with the purpose of enabling a log file recording and a recording of the links activated from the newsletter with subsequent analysis when the e-mail is opened. This enables us to evaluate the success of our newsletter campaigns by means of statistical evaluations and to optimise our mails in order to present you, for example, topics and offers that are better suited to your interests.
The personal data collected in this way will be processed directly by us.
If you do not agree to this, you can unsubscribe from the press distribution list at any time via the link provided in the respective e-mail or by sending us a message.
Data that you transmit to us via our contact form will be processed for the purpose of communication and data exchange, i.e. to respond to your specific request. These data are stored as long as their processing is necessary for these purposes or until the expiry of any subsequent retention periods.
We offer you the opportunity to apply to us electronically. Your electronic application data will be received by the relevant personnel department and only forwarded to the department responsible for the respective position or to the persons in charge of processing. All parties involved treat your application documents
After completion of the applicant selection process, we will store your application documents for 3 months and then delete or destroy any copies unless we have concluded an employment contract with you. Should we wish to include your application documents in our applicant pool, we will contact you. In the notification you can actively consent to the further storage of your documents.
Please note that applications that you send us by e-mail will be sent to us unencrypted. We therefore recommend the use of our secure upload portal or e-mail encryption.
Recipient of the data: Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA
We shall be glad to help with any queries about data protection.
Please contact: firstname.lastname@example.org.
9. Company Presences (‘Fanpages’) in Social Networks
|Controller with whom the fanpage is operated jointly (‘platform operator’):||Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
|In an agreement pursuant to Art. 26 (1) GDPR, the joint controllers determined who fulfilled which obligation pursuant to the GDPR||The agreement within the meaning of Art. 26 (1) GDPR can be found at the following link:
The platform operator makes the essential contents of this agreement available to the persons concerned.
|Contact details for data protection:||The contact details for data protection can be found in our data protection declaration linked here or the data protection officer of the platform operator can be contacted using the following web form:|
|Categories of data subjects:||Registered and unregistered visitors of our fanpage in the social network|
|Categories of personal data:||We process the following data from registered visitors to our fan page:
User ID under which you have registered, released profile data (e.g. name details, occupation, addresses, contact data, possibly also special categories of personal data such as religious affiliation, health data, etc.), data that is generated during the sharing of content, the exchange of messages and communication, data that is collected during the processing of a contract.), data that are generated when sharing content, exchanging messages and communicating, data that are required within the framework of contract processing at the request of registered visitors; otherwise we only process pseudonymised data such as statistics and insights, how our fan page, the articles, pages, videos and other content provided about it are interacted with (page activities, page views, “Like” information, range, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements.
The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous for.us
|We process the following data from unregistered visitors to our fan page:
Pseudonymised data such as statistics and insights on how our fan page, the articles, pages, videos and other content provided about it is interacted with (page activities, page views, “Like” information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements.
The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous for.us.
|Data processed by the platform operator about registered and unregistered visitors to our fan page can be found under the following link|
|Origin of the data:||We receive the data from the data subjects directly or from the platform operator..|
|Legal basis for data processing:||We process the data on the basis of the following legal bases:
We only process special categories of personal data, if at all, on the basis of the following legal bases:
|The legal bases on which the platform operator bases data processing can be found in the following link:
In particular, the platform operator is obliged to inform the persons concerned for what purposes and on what legal basis the first call of a fan page generates entries in the so-called local storage even for non-registered visitors and whether personal data of non-registered visitors (e.g. IP address or other data that condenses into personal data) is also used to create profiles.
|Purposes of data processing:||The data will be processed for the following purposes:
|Retention periods:||The storage and deletion of the data is the duty of the platform operator according to the agreement in terms of Art. 26 (1) GDPR. Information on this can be found in the following link:|
|Categories of recipients:||The data processed by us can only be accessed. If the persons concerned post their data publicly on our fan page, they can be accessed by other registered and possibly also non-registered visitors, by our employees and service providers who maintain our fan page and need the data for the above-mentioned purposes If the data subjects post their data publicly on our fan page, they can be accessed by other registered and possibly also non-registered visitors..|
|The recipient categories to which the platform operator discloses the data or enables registered visitors to disclose their data, as well as information on intra-group data exchange, can be found under the following link:|
|Data transfers to third countries:
|If the data subjects post their data publicly on our fan page, these can be accessed by other registered and possibly also non-registered visitors worldwide.
In the context of the operation of our fan page, the data is also transferred to third countries by the platform operator.
The associated data transfers to third countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees pursuant to Art. 46 GDPR:
Facebook Inc. is member of the Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Due to the agreements on the EU-US Privacy Shield, Facebook must therefore also grant the persons concerned various rights, which they can then assert directly against Facebook.
Involved logic and scope of a profiling or an automated individual decision based on the collected data:
The information for this can be taken from the following link:
|Rights of data subjects:
|The Joint Controllers must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator on the basis of the agreement within the meaning of Art. 26 (1) GDPR.:
Data subjects have a right to access, rectify or delete personal data concerning them or a right to restrict data processing by the data controller if certain conditions pursuant to Art. 15 to Art. 18 GDPR are met. Data subjects also have the right to revoke their consent to the processing of their personal data at any time with effect for the future (Art. 7 (3) GDPR). They may also object to the further processing of their data, which is based exclusively on the legitimate interest of the data controller in accordance with Art. 6 (1) lit. f) GDPR (Art. 21(1) GDPR), provided that their particular personal situation gives rise to interests worthy of protection in the exclusion of data processing and that there are no longer any compelling grounds worthy of protection for the data controller for further data processing. If personal data are processed for the purpose of direct marketing, data subjects have the right at any time to object to such processing with effect for the future (Art. 21 (2) GDPR). If the data processing is based on the consent of the data subject pursuant to Art. 6 (1) lit. a), Art. 9 (1) lit. a) GDPR or pursuant to Art. 6 (1) b) GDPR on a contract with the data subject and is carried out using automated procedures, the data subjects may, pursuant to Art. 20 (1) DGVO, request that the personal data stored about them be retained in a structured, common and machine-readable format or that they be transmitted to a third party designated by the data subject..
In principle data subjects have the right not to be subjected to an automated individual decision according to Art. 22 (1) GDPR. If such an automated individual decision is permissible according to Art. 22 (2) lit. a) to c) GDPR, the following rights according to Art. 22 (3) GDPR are granted to the persons concerned: Right to the statement of the own point of view, right of objection for the acquisition of the intervention of a person on the part of the responsible person, right to be able to contest the automated individual decision (right of rescission)..
Furthermore, data subjects have the right to lodge a complaint with a supervisory authority if they are of the opinion that the processing of their personal data violates the GDPR ( Art. 77 GDPR.
The supervisory authority responsible for the platform operator is:
Data Protection Commission
21 Fitzwilliam Square, Dublin 2