1. name and contact details of the data controller
This privacy information applies to data processing by:
Controller:
BAYOOSOFT GmbH
Lise-Meitner-Straße 10
64293 Darmstadt
Tel: 06151 / 8618-0
Fax: 06151 / 8618-150
E-mail: [email protected]
Homepage: https://www.riskmanager.net/
2. name and address of the data protection officer
Currently, there is no obligation for the responsible body to appoint a data protection officer. Any data subject may contact our data protection officer/person responsible etc. directly at any time with any questions or suggestions regarding data protection using the above contact details.
3. definitions
The data protection notice of BAYOOSOFT GmbHis based on the defined terms of the General Data Protection Regulation (DSGVO). To ensure simplicity and understanding of our data protection principles, we have explained all terms below.
3.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3.2 Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
3.3 Processing
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.4 Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
3.5 Profiling
Profiling is any form of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
3.6 Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
3.7 Controller or data controller
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
3.8 Processor
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
3.9 Recipient
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
3.10 Third party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
3.11 Consent
Consent is any freely given specific and informed indication of his or her wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
4. General information on data processing
ata protection, data security and confidentiality are very important to BAYOOSOFT GmbH. The permanent protection of your personal data, your company data and your business secrets is of particular concern to us. In principle, you can visit our website without providing any personal information. However, if you use the services of BAYOOSOFT GmbHvia our website, it is necessary to provide your personal data. We use the data you provide and collect on the website and the data stored during use exclusively for our own purposes, namely to implement and provide our website and to initiate, implement and process the legal services offered via the website (contract fulfilment) and do not pass them on to external third parties unless there is an official obligation to do so. In all other cases, we will obtain your express consent. Your personal data is processed in accordance with the requirements of the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to BAYOOSOFT GmbH. By means of this data protection notice, we would like to inform you about the type, scope and purpose of the personal data we process. In addition, we will use this data protection notice to inform you of the rights to which you are entitled. BAYOOSOFT GmbHhas implemented technical and organizational measures to ensure adequate protection of the personal data processed via this website. Nevertheless, internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed.
5. Legal bases, purposes of processing, duration of storage
5.1 General information on the legal bases Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our law firm or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 Paragraph 1 Letter f GDPR serves as the legal basis for the processing.
5.2 General information on data deletion and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
6. Collection of general data and information
a) When visiting the website
When you visit our website https://www.riskmanager.net, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- Name and URL of the retrieved file,
- Website from which access is made (referrer URL),
- Browser used and, if applicable, the operating system of your computer and the name of your access provider.
The data mentioned are processed by us for the following purposes:
- Ensuring a smooth connection establishment of the website,
- Ensuring comfortable use of our website,
- Evaluation of system security and stability as well
- for other administrative purposes. The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR.
Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person. In addition, we use cookies and analysis services when you visit our website. You can find more detailed explanations in Sections 4 and 5 of this data protection declaration.
b) When using our contact form
If you have any questions, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide a valid e-mail address so that we know who sent the request and can answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us takes place in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR on the basis of your voluntarily given consent. The personal data collected by us for the use of the contact form will be automatically deleted after the request you have made has been dealt with.
7. Sharing of Data
Your personal data will not be transmitted to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
- You have given your express consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR,
- Disclosure pursuant to Article 6 Paragraph 1 Clause 1 Letter f GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
- in the event that there is a legal obligation for disclosure under Article 6 Paragraph 1 Sentence 1 lit. c GDPR, as well as
- this is legally permissible and required for the processing of contractual relationships with you in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR.
8.Cookies
We use cookies on our site. These are small files that your browser creates automatically and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not damage your end device and do not contain viruses, Trojans or other malware. Information is stored in the cookie that arises in connection with the specific end device used. However, this does not mean that we are immediately informed of your identity. On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our site. In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specific period of time. If you visit our site again to make use of our services, it will automatically be recognized that you have already been with us and what inputs and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer (see Section 5). These cookies enable us to automatically recognize when you visit our site again that you have already been with us. These cookies are automatically deleted after a defined period of time. The data processed by cookies are required for the stated purposes to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR. Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.
8.1. OBJECTING TO THE SETTING OF COOKIES
The person concerned can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs
9. Analysis Tools
9.1. tracking tools
The tracking measures listed below and used by us are carried out on the basis of Article 6 (1) sentence 1 lit. f GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
9.2. Google Analytics version 4
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of server request, are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and the needs-based design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You can prevent the installation of cookies by setting the browser software accordingly; we would like to point out to you however that in this case not all functions of this website can be used in full.
You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=de).
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
9.3. OBJECTION VIA BROWSER ADD-ON
Furthermore, the person concerned has the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is evaluated by Google as a contradiction. If the information technology system of the data subject is later deleted, formatted or reinstalled, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the person concerned or another person who is attributable to their sphere of influence, there is the possibility of reinstalling or reactivating the browser add-on. If you object to the use of Google Analytics, it is possible that some functions of the website can no longer be used to their full extent.
9.4. ADDITIONAL INFORMATION
Further information and Google’s applicable data protection regulations can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://marketingplatform.google.com/intl/de/about/analytics/.
9.5. ORDER PROCESSING
The purpose of the Google Analytics component is to analyze visitor flows on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our website, and to provide other services related to the use of our website.
Google Analytics places a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is able to analyze the use of our website. Each time one of the individual pages of this website is called up, which is operated by the person responsible for processing and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google gains knowledge of personal data, such as the IP address of the person concerned, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission statements.
The cookie is used to store personal information, such as access time, the location from which access was made and the frequency of visits to our website by the person concerned. Each time you visit our website, this personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.
We have concluded an order processing contract with Google in this regard and observe the legal requirements of the DSGVO as well as the requirements of the German data protection authorities regarding the use of Google Analytics.
10. Google Adwords Conversion Tracking
We also use Google Conversion Tracking to statistically record the use of our website and to evaluate it for you in order to optimize our website. Google Adwords places a cookie (see section 4) on your computer if you have reached our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Each Adwords customer receives a different cookie.
This means that cookies cannot be tracked via the websites of Adwords customers. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers are informed of the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not want to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example via a browser setting that generally deactivates the automatic setting of cookies.
You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the “www.googleadservices.com” domain are blocked. You can find Google’s privacy policy on conversion tracking here (https://services.google.com/sitestats/de.html).
11. Matomo
We use the open source software Matomo to analyze and statistically evaluate the use of the website. Cookies are used for this (see section 4). The information generated by the cookie about website usage is transmitted to our server and summarized in pseudonymous usage profiles. The information is used to evaluate the use of the website and to enable a needs-based design of our website.
The information will not be passed on to third parties. Under no circumstances will the IP address be linked to other data relating to the user. The IP addresses are anonymized so that an assignment is not possible (IP masking).
Your visit to this website is currently being recorded by the Matomo web analysis. Click here (https://matamo.org/docs/privacy/) to stop recording your visit.
12. Facebook
Social media plugins from Facebook are used on our website to make their use more personal. For this we use the “LIKE” or “SHARE” button. This is an offer from Facebook.
If you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser, which integrates it into the website. By integrating the plugin, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook.
This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.
If you are logged into Facebook, Facebook can directly assign your visit to our website to your Facebook account. If you interact with the plugins, for example by pressing the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.
Facebook can use this information for advertising, market research and needs-based design of the Facebook pages. For this purpose, usage, interest and relationship profiles are created by Facebook, e.g. B. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services related to the use of Facebook.
If you do not want Facebook to associate the data collected through our website with your Facebook account, you must log out of Facebook before visiting our website.
Purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights and setting options for protection in this regard Please refer to Facebook’s privacy policy (https://www.facebook.com/about/privacy/) for information on your privacy.
13. Twitter
Plugins of the short message network of X Corp. (Twitter) are integrated on our website. You can recognize the Twitter plugins (tweet button) by the Twitter logo on our site. You can find an overview of tweet buttons here (https://about.twitter.com/resources/buttons).
If you access a page on our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click on the Twitter “tweet button” while you are logged into your Twitter account, you can link the content of our pages to your Twitter profile. This allows Twitter to associate your visit to our site with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or how it is used by Twitter.
If you do not want Twitter to be able to assign your visit to our pages, please log out of your Twitter user account. You can find more information on this in the data protection declaration of Twitter ((https://twitter.com/privacy).
14. Instagram
Our website also uses so-called social plugins (“plugins”) from Instagram, which is operated by Meta Platforms Inc, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”.
If you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Instagram servers. The content of the plugin is transmitted directly from Instagram to your browser and integrated into the page.
Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there.
If you are logged in to Instagram, Instagram can immediately assign your visit to our website to your Instagram account. When you interact with the plugins, for example the “Instagram” button press, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there. If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website. For more information, see Instagram’s privacy policy (https://help.instagram.com/155833707900388).
15. Your Rights
If personal data is processed by you, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
15.1 Right to Information
You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us. If such processing is present, you can request information from the person responsible for the following information:
- the purposes for which the personal data are processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom your personal data has been or will be disclosed;
- the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;
- the existence of a right of appeal to a supervisory authority;
- all available information about the origin of the data if the personal data are not collected from the data subject;
- the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.
15.2 Right to Rectification
You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete.
The person responsible must make the correction immediately.
15.3 Right to restriction of processing
Under the following conditions, you can request the restriction of the processing of your personal data:
- if you contest the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
- if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons. If the processing of the personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the processing is restricted according to the above conditions, you will be informed by us before the restriction is lifted.
15.4 Right to Erasure
15.4.1 Obligation to Erasure
You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
- You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.
- The personal data concerning you have been unlawfully processed.
- Erasure of your personal data is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject.
- The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.
15.4.2 Information to Third Parties
If the person responsible has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.
15.4.3 Exceptions
The right to erasure does not exist if processing is necessary
- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to the controller;
- for reasons of public interest in the area of public health in accordance with Article 9 Paragraph 2 lit. h and i and Article 9 Paragraph 3 GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the law mentioned under Section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or
- to assert, exercise or defend legal claims.
15.5 Right to Information
If you have asserted the right to correction, deletion or restriction of processing against the person responsible, the person responsible is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the person responsible.
15.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that
- the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
- the processing is carried out using automated procedures
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.
The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.
15.7 Right to Object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.
In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.
15.8 Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
15.9 Automated individual decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and the person responsible,
- is permissible on the basis of legal provisions of the Union or of the Member States to which the person responsible is subject and these legal provisions are appropriate
contain measures to protect your rights and freedoms as well as your legitimate interests or
- with your express consent.
However, these decisions may not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR unless Article 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to contest the decision.
15.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.