Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is:
IDL GmbH Mitte
Name and address of the Data Protection Officer
The Data Protection Officer of the data controller is:
Großer Burstah 42
Phone: +49 40 226 390 10
This privacy notice applies to the users of our website (“users”) as well as to our customers, suppliers and other business partners or our contacts at our customers, suppliers and other business partners (“contacts”) in their role as so-called data subjects (of data processing).
1. Scope of processing personal data
We only collect and use personal data of our users as well as our contacts insofar as this is necessary to provide a functional website as well as for the provision, distribution and marketing of our contents and services.
In principle, users or contacts are not obliged to provide us with their personal data. However, the use of certain services or areas of the website may require the provision of personal data, e.g. registration, contacting us or entering into a contract with us. Mandatory data are generally marked accordingly. If you do not wish to provide us with the mandatory data, you will unfortunately not be able to use the corresponding service or we may not be able to enter into or continue the corresponding contract with you or your company.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
During the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the interests just referred to, Article 6(1)(f) GDPR serves as the legal basis for processing. Legitimate interests is the typically applicable legal basis when processing data of contacts with whom we personally have not entered into a direct contract (but only with the company for which our contacts work).
3. Data erasure and storage period
The personal data of the data subject will be deleted as soon as they are no longer required for the purpose for which they were collected. However, the data is stored for a longer period of time as far as the further storage of the data is required by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject, for example, because a certain retention period is obligatory. In this case, the data will be deleted as soon as the relevant retention obligation(s) has (have) been fulfilled. Until then, however, the data will continue to be stored solely for the purpose of fulfilling the legal obligation and the data will be blocked for processing beyond this.
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) the Internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system reaches our website
(7) Websites accessed by the user’s system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of the data and, if applicable, the log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this, the user’s IP address must remain stored for the duration of the session. If the data is stored in log files, this is done to ensure the functionality of the website. In addition, the data enables us to optimize the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context. Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes.
4. Duration of storage
The data will be deleted as soon as it is no longer needed to achieve the purposes set out above for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is generally the case after seven days at the latest. Further storage for the purpose of investigating malfunctions is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible. Further storage for the purpose of clarifying security incidents is also possible; in such cases, the data will be deleted as soon as the clarification or any legal dispute has been completed.
5. Objection and removal possibility
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user – beyond the case of the legal right to object (see section “Rights of the data subject”).
Cookies are small text files that can be used by websites to make a user’s experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Cookie declaration last updated on 7/6/21 by Cookiebot:
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
This website uses Google Analytics, a web analysis service of Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The use includes the “Universal Analytics” operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user’s activities across devices.
Use of Google Remarketing
Use of Microsoft Dynamics 365 Marketing
This website uses a web tracking service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Dynamics 365 Marketing uses its own HTML browser cookies in its web tracking technology. This means that users on our website can easily set their own browsers to reject and easily remove cookies or to prevent the use of Dynamics 365 Marketing to that extent by not consenting to the use of the relevant marketing cookies.
Our website uses the user action pixel from Facebook, Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) for conversion measurement. This makes it possible to track the behaviour of users of the website after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The data collected is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.
LinkedIn Insight Tag
Our website uses the retargeting tool as well as the conversion tracking of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For this purpose, the LinkedIn Insight Tag is integrated on our website, which sets a unique LinkedIn browser cookie in your browser with a validity of 120 days and thus enables the collection of the following data: metadata such as IP address, timestamp and page events (e.g. page views).
The use of the LinkedIn Insight Tag is based on Art. 5 para. ePrivacy Directive in conjunction with Section 15 para. 3 TMG or Art. 6 para. 1 sentence 1 lit. f. GDPR. The website operator has a legitimate interest in effective advertising measures including social media.
This website uses Taboola’s content discovery technology. The provider is Taboola Inc. (1115 Broadway, 7th Floor, New York, NY 10010, USA).
To drive these recommendations, Taboola collects information about your device and your behaviour on this website (and other partner websites) through cookies. The cookie allows us to create pseudonymous usage profiles and recommend content to you that matches your personal interests. These usage profiles do not allow any conclusions to be drawn about your person. Our legitimate interest in data processing also lies in the aforementioned purposes. The legal basis for the use of Taboola is Art. 5 para. ePrivacy Directive in conjunction with Section 15 para. 3 TMG or Art. 6 para. 1 sentence 1 lit. f. GDPR. The data sent by us and stored with cookies or data will be automatically deleted after 3 months.
You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask, the IP address of the calling computer and the date and time of registration are transmitted to us.
In the course of the registration process, your consent is obtained for the processing of the data and reference is made to this Data Protection Declaration.
If you purchase goods or services on our website and provide us with your e-mail address, we may subsequently use this to send you a newsletter. In such a case, i.e. without your express consent, the newsletter will only send direct advertising for your own similar goods or services. You can object to this at any time by writing an e-mail to firstname.lastname@example.org or by clicking on the link provided for this purpose in the newsletter.
In connection with data processing for the dispatch of newsletters, no data is passed on to third parties. The data will only be used for sending the newsletter.
The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 sentence 1 lit. a GDPR.
The legal basis for sending the newsletter as a result of the sale of goods or services is Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG. We have a legitimate interest in sending direct advertising, insofar as this is in accordance with the relevant legal requirements.
The collection of the user’s e-mail address serves to send the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used respectively to be able to prove the fact that consent has been given.
The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. The user’s e-mail address will therefore be stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process will generally be deleted after a period of seven days.
The subscription to the newsletter can be cancelled by the user concerned at any time respectively you can object to receiving further direct marketing at any time. For this purpose, each newsletter contains a corresponding link. The user may also contact us by mail to email@example.com.
1. Data processing
We use online conferencing tools, in particular to communicate with our customers and contacts. The tools we use in detail are listed below. When you communicate with us via video or audio conference over the Internet, your personal data is collected and processed by us and the provider of the respective conference tool.
In doing so, the conferencing tools collect all data that you provide/enter to use the tools (email address and/or your phone number). Furthermore, the conferencing tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).
Furthermore, the provider of the tool processes all technical data required to handle the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.
If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/ instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.
The providers of the conferencing tools are generally involved by us as so-called data processors, i.e. they act exclusively on our behalf and on the basis of our instructions when they process data. For further information on data processing by the conference tools, please refer to the privacy notices of the respective tools in use, which we have listed below.
2 Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 sentence 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR). Our legitimate interest in data processing also lies in the aforementioned purposes. Insofar as consent has been requested, the tools in question are used on the basis of this consent (Art. 6 para. 1 sentence 1 lit. a GDPR); consent can be revoked at any time with effect for the future.
3. Storage period
The data collected directly by us via the video and conferencing tools will be deleted from our systems as soon as your consent to store it is revoked or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device for a maximum period of 6 months, unless you delete the cookies beforehand or revoke your consent in this regard. Mandatory legal retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the providers of the conferencing tools for their own purposes. For details, please contact the providers of the conferencing tools directly.
4. Conferencing tools in use
We use the following conferencing tools:
We use GoToMeeting. The provider is LogMeIn, Inc, 320 Summer Street Boston, MA 02210, USA. For details on data processing, please refer to the privacy notice of GoToMeeting: https://www.logmein.com/legal/privacy.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details on this, in particular a copy of the agreed standard contractual clauses, are available upon request to the contact details provided in the section “Name and address of the data protection officer”.
5. Data processor agreement
We have concluded a data processor agreement with the provider of GoToMeeting and fully implement the strict requirements of the applicable data protection laws when using GoToMeeting.
On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and saved. This data will not be passed on to third parties. The following data is collected during the registration process:
Mandatory information: First name, last name, company, street, postal code, city, telephone, e-mail.
Voluntary information: Title, function, address of the homepage.
In the course of the registration process, the user’s consent to the processing of this data is obtained.
2. Legal basis for processing
The legal basis for the processing of data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given his consent. If the registration serves the fulfilment of a contract to which the user is a party, or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b GDPR.
Registration is necessary for the provision of certain contents and services on our website, unless it serves the conclusion of a contract with the user. In addition, the user must register in order to fulfil a contract with the user or to carry out pre-contractual measures.
The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of a registration without a contract, this is the case for the data collected during the registration process if the registration on our website is cancelled or changed. In the case of the conclusion of a contract or for the implementation of pre-contractual measures, this is the case if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.
As a user, you have the possibility to cancel the registration at any time. You can change the data stored about you at any time. If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.
There is a contact form on our website which can be used for electronic contact. If a user accepts this possibility, the data entered in the input mask will be transmitted to us and stored. At the time the message is sent, the user’s IP address and the date and time of registration are also stored.
Your consent may be obtained for the processing of the data within the scope of the sending process and reference is made to this Data Protection Declaration.
Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data sent with the e-mail will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
The legal basis for the processing of data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail or collected within the framework of a contact form without consent is Art. 6 para. 1 sentence 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract with the sender, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The processing of the personal data from the input mask serves us only for managing the establishment of contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to guarantee the security of our information technology systems.
The data will be deleted as soon as it is no longer needed to achieve the purpose of the survey. For the personal data from the input mask of the contact form and data that is sent by e-mail, this is the case when the respective conversation with the user has come to an end. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
The user has the possibility to revoke his consent to the processing of personal data at any time with effect for the future. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
The objection takes place via a written declaration to our postal address stated at the beginning or a declaration in text form to our mail address stated at the beginning.
In this case, all personal data stored in the course of contacting us will be deleted unless contractual or legal obligations prevent a deletion.
In order to manage the data of clients and our contact persons (this term also includes the data of contact persons at potential clients) in our group of companies (the Insight Software group of companies) as effectively as possible, we use a so-called Client Relationship Management System (“CRM System”) within the group. This system stores the master data of our customers as well as important information about the customers and our contact persons. For contact persons, we typically record the name, job title and professional contact information (e.g. business e-mail address and/or telephone number) as well as information on the consent status regarding our newsletter).
The data stored in the CRM system can also be accessed by employees of other companies in the Insight Software group of companies. However, this access is limited to what is administratively necessary.
The legal basis for processing data in the course of the described customer and contact data management is Art. 6 para. 1 sentence 1 lit. f GDPR.
3. Purpose of the data processing
The processing of personal data in the course of customer and contact data management serves to effectively shape our relationships with our customers, suppliers and other business partners as a central component of our business activities. We have a legitimate interest in designing and managing our customer relationships or communication as well as the communication with our suppliers and other business partners in the best possible way. To this end, it is particularly important to involve other companies in our group of companies to the extent necessary for internal administrative purposes.
Data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. With regard to customer data management, this is usually the case when the relationship with the customer or the initiation of a business relationship has ended. In this case, the data will be deleted after the expiry of any relevant limitation periods (generally 3 years after the end of the relationship/the initiation of the same, starting with the end of the year in which the relationship/the initiation ended). However, this does not apply if contractual or legal obligations require a longer storage.
You have the possibility to object to the processing of your personal data on the basis of the legal basis Art. 6 para. 1 sentence 1 lit. f GDPR for personal reasons. If the data processed in the CRM system is related to direct marketing, you have the right to object to this at any time without giving reasons.
We make your data available to certain partners, other trustworthy companies or persons in connection with the data processing described. This, of course, takes place exclusively in accordance with applicable law.
In particular, we reserve the right to use service providers as so-called data processors for the processing of data, who may only process personal data in accordance with our instructions.
Insofar as service providers are not already named in this privacy notice, these are the following categories of service providers:
IT service provider (client relationship management system provider), EU, USA;
IT service provider (hosting), EU.
IT service provider (sending of direct marketing), EU, USA.
Customer support (e-mail), EU.
Furthermore, we share your data with other companies in the Insight Software group of companies. You can view a list of these companies here.
In addition, we may share your information with the following categories of third parties:
Authorities, courts, lawyers, auditors and tax consultants.
Transfer of data to countries outside the European Economic Area
We also share personal data with recipients located in countries outside the European Economic Area (“EEA”). In this case, we ensure before the transfer that either an adequate level of data protection exists at the recipient (e.g. based on an adequacy decision of the EU Commission for the respective country pursuant to Art. 45 GDPR or the agreement of so-called EU standard contractual clauses of the European Commission with the recipient pursuant to Art. 46 GDPR), the transfer is necessary for the performance of a contract between the data subject and the controller or for the implementation of pre-contractual measures at the data subject’s request, or there is an explicit consent of the data subject or another legal exception (pursuant to At. 49 GDPR).
You can obtain from us a copy of the appropriate or suitable safeguards agreed upon. Please use the information in the section “Name and address of the data protection officer” for this purpose.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the rights set out below vis-à-vis the data controller. You can exercise these rights by contacting us at the address listed in the section entitled “Name and address of the data protection officer”.
1. Right to information
You can ask the person in charge to confirm whether personal data concerning you will be processed by us.
If such processing has taken place, you can request the following information from the data controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transmission.
2. The right to correction
You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction without delay.
3. The right to limitation of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
(1) if you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the data controller no longer needs the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims, or
(4) if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If processing has been restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.
4. The right to deletion
a) Duty to delete
You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:
(1) the personal data concerning you is no longer needed for the purposes for which it was collected or otherwise processed;
(2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing;
(3) You file an objection to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you file an objection to the processing pursuant to Art. 21 para. 2 GDPR;
(4) the personal data concerning you is being processed unlawfully;
(5) The deletion of personal data relating to you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject;
(6) the personal data concerning you is collected in terms of information society services offered pursuant to Art. 8 para. 1 GDPR.
b) Information to third parties
If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate emergency measures, including technical measures, taking into account the available technology and implementation costs, to inform data processors who process personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or applications of this personal data.
The right to deletion does not exist insofar as the processing is necessary
(1) to exercise freedom of expression and information;
(2) for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
(5) for asserting, exercising or defending legal claims.
5. The right to information
If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
The data controller shall have the right to be informed of such recipients.
6. The right to data transferability
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that
(1) processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or a contract pursuant to Art. 6 para. 1 sentence lit. b GDPR and
(2) processing is carried out by means of automated methods.
The freedoms and rights of other persons must not be affected by this. In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, if this is technically feasible.
The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
7. Rights to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you on the basis of Art. 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The data controller no longer processes the personal data relating to you, unless he can prove compelling grounds for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
8 Right to revoke the Data Protection Declaration of Consent
You have the right to revoke your Data Protection Declaration of Consent at any time. The withdrawal of consent shall not affect the legality of the processing carried out on the basis of the consent until its withdrawal.
9. Automated decision in individual cases including profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the data controller,
(2) has been made due to legislation of the Union or of the Member States to which the data controller is subject that is admissible and that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
(3) has been made with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases mentioned in (1) and (3), the data controller takes appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state his own position and to challenge the decision.
10. Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you is contrary to the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.