Data protection declaration according to the GDPR for www.hochland.io
Hochland Deutschland GmbH takes the protection of your private data seriously and we want you to feel safe and comfortable when visiting our Internet pages. Protecting your privacy when processing personal information is an important concern for us, and we take this into account in our business processes. We process personal data collected when visiting our websites in accordance with the legal provisions applicable to the countries in which the respective websites are managed. Apart from that our data protection policy is based on the code of conduct that applies to Hochland. Hochland websites may contain links to websites of other providers to which this privacy policy does not extend. Hochland accepts no responsibility for the privacy policies or the content of these other websites.
1. Name and address of the data controller
The data controller according to the terms of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Hochland Deutschland GmbH
Kemptener Str. 17
88178 Heimenkirch
Phone +49 8381-502-0
Further information can be found in the imprint.
2. General information on data processing
2.1 Scope of the processing of personal data
As a matter of principle, we process the personal data of our users only to the extent necessary to provide a functional website as well as our contents and services. The personal data of our users is only processed with the consent of the user. An exception is made in those cases where prior consent cannot be obtained for factual reasons and where processing of the data is permitted by law.
2.2 Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
Art. 6 para. 1 lit. b GDPR serves as the legal basis in the processing of personal data necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
2.3 Data deletion and storage duration
The personal data of the person concerned will be erased or blocked as soon as the purpose of the storage no longer applies. Data storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. The data will also be blocked or erased when a storage period prescribed by the above standards expires, unless there is a need to store the data further for the purpose of concluding or fulfilling a contract.
3. Provision of the website and creation of log files
3.1 Description and scope of data processing
Whenever our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- Information about the browser type and version used
- The user's operating system
- The user’s internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites that are called up by the user's system via our website
The log files contain IP addresses or other data that allow the assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user goes contains personal data. The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.
Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.
We are using the following host:
Amazon Web Services, Inc.
P.O. Box 81226
Seattle, WA 98108-1226
http://aws.amazon.com
3.2 Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
3.3 Purpose of data processing
The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR).
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is carried out in order to ensure the functionality of the website and to ward off attacks. The data also serves us to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
3.4 Duration of storage
The data will be erased as soon as it is no longer necessary for the purpose for which it was collected. In the case data collection to ensure the provision of the website, this is the case when the respective session is ended.
When data is stored in log files, this is the case after 14 days at the latest. Data storage beyond this period is possible. In this case, the IP addresses of the users are erased or altered/alienated so that a accessing client can no longer be assigned.
3.5 Possibility of objection and removal
The collection of data to ensure the provision of the website and the storage of the data in log files is mandatory for the proper operation of the website. There is therefore no possibility of objection on the part of the user.
4. Use of cookies
4.1 Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the user returns to the website.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
CognitoIdentityServiceProvider: (first party)
To keep alive login sessionamplify-signin-with-hostedUI: (first party)
To store login method_hjClosedSurveyInvites: (first party)
Ensures that invitations to external surveys are not shown anymore once you got it before._hjDonePolls: (first party)
Ensures that an on-site survey does not appear anymore once it has been completed before._hjMinimizedPolls: (first party)
Stores whether a survey widget has been minimized by the user to ensure it stays minimized on other pages._hjShownFeedbackMessage: (first party)
Stores whether a feedback window has been minimized or completed to ensure it stays minimized on other pages._hjid: (first party)
Is set on first pageview as unique user ID to match future behaviour to the same user (ID)._hjFirstSeen: (first party)
Identifies the first visit of a new user to be used as a filter for recordings._hjSession_{site_id}: (first party)
Holds current session data and ensures subsequent requests are attributed to the same session_hjSessionUser_{site_id}: (first party)
Set on first page view to persist the Hotjar User ID and to ensure data from subsequent visits to the same site are attributed to the same user ID_hjRecordingEnabled: (first party)
Set when a recording starts and read when recording module is initialized to see if user has already been recorded_hjRecordingLastActivity: (first party)
Can not be found in "cookies" but in session storage of your browser. Will be updated once a session recording starts or a user takes an action that is recorded._hjViewportId: (first party)
Stores user viewport details such as size and dimensions_hjTLDTest: (first party)
Dient dazu, sicherzustellen, dass Cookies über mögliche Subdomains geteilt werden können und wird anschließend wieder entfernt._hjUserAttributesHash: (first party)
User attributes will be cached for the duration of the session to notice changed attributes that need to be updated._hjCachedUserAttributes: (first party)
Stores user attributes (operating system etc.) when hotjar feedback tool is used._hjLocalStorageTest: (first party)
Checks whether hotjar can use local storage of the browser (yes = "1") and will be deleted almost immediately._hjIncludedInPageviewSample: (first party)
Is set to check if the current user is still in the defined pageview limit agreed on with hotjar._hjIncludedInSessionSample: (first party)
Is set to check if the current user is still in the defined session limit agreed on with hotjar._hjAbsoluteSessionInProgress: (first party)
Is set to check if it is the first visit of a user._ga: (first party)
Is used to distinguish users._gid: (first party)
Is used to distinguish users._gat: (first party)
Is used to throttle request rate.AMP_TOKEN: (first party)
Contains a token to retrieve a client ID from AMP client id service._gac_<property-id>: (first party)
Contains campaign related information from users. When Google Analytics and Google Ads accounts are linked, Google Ads website conversion tag will read cookie to match conversions.
The user data collected in this way is pseudonymized using technical precautions. Therefore, it is no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.
4.2 Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given his consent to this.
4.3 Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these functions it is necessary that the browser is recognized even after a page change.
The user data collected through technically necessary cookies is not used to create user profiles.
Further cookies are used in order to improve the quality of our website and its contents. By means of the analysis cookies we learn how the website is used and can thus constantly optimize our offer.
These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.
4.4 Duration of storage, possibility of objection and removal
Cookies are stored on the user's computer and transmitted to our site by the user Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be erased at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all the functions of the website can be used to their full extent. You can see and change your current cookie settings for this website here.
5. Contact form and e-mail contact
5.1 Description and scope of data processing
On our website there is a contact form which can be used for contacting us electronically. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. This concerns the following data:
- The IP address of the user
- Entered data
For the processing of the data, your consent will be obtained during the sending process and reference will be made to this data protection declaration.
For our contact form we use reCAPTCHA from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland („Google“). This function primarily serves to distinguish if input is made by a natural person or in an inproper manner by machines, e.g. bots. This service includes sending of the IP address and further data required by Google which may also result in a transmission of personal data to the servers of Google.
Further information on Google reCAPTCHA as well as their data protection declaration can be found on https://www.google.com/intl/de/policies/privacy/ .
Alternatively, it is possible to contact us using the provided e-mail addresses. In this case the personal data of the user transmitted with the e-mail will be stored.
The data will not be passed on to third parties in this context. The data will be used exclusively for processing the conversation.
5.2 Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent. The legal basis for the use of reCAPTCHA is Art. 6 Par. 1 letter f GDPR. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Par. 1 letter f GDPR. If the e-mail contact is aimed towards the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
5.3 Purpose of data processing
The processing of the personal data from the input mask serves us only for the processing to establish the contact. In the case of contacting to us by e-mail, this is also the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
5.4 Duration of storage
The data will be erased as soon as they are no longer required for the purpose of their collection and no further legal periods for storage exist.
5.5 Possibility of objection and removal
The user has the possibility to withdraw his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.
6. Web analysis using Google Analytics
6.1 Scope of the processing of personal data
We use Google Analytics on our website to analyse the surfing behaviour of our users. The software does not set cookies by default (for cookies see above). If you explicitly agree to the setting of analysis cookies, cookies will be used to enable a statistical analysis of the use of this website by its visitors and to display usage-related content or advertising.
The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In case IP-anonymisation is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area.
Only in exceptional cases the whole IP address will be first transfered to a Google server in the USA and truncated there. The IP-anonymisation is active on this website. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage. The IP-address that your Browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser.
Alternatively you can stop Google Analytics from tracking by clicking on the following Link.
A cookie will be set that prevents your data from being collected in the future. If the user deletes the corresponding cookie from his own system in the meantime, he must set the opt-out cookie again.
For further information please visit https://www.google.com/analytics/terms/gb.html.
We want to point out that on this website Google Analytics was extended by the code „anonymizeIp“ to ensure an anonymized collection of IP adresses (so-called IP masking).
6.2 Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.
6.3 Purpose of data processing
The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on how the individual components of our website are used. This helps us to constantly improve our website as well as its user-friendliness. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f GDPR. By making the IP address anonymous, the interest of the users in their protection of personal data is sufficiently taken into account.
6.4 Duration of storage
The data gets erased as soon as it is no longer required for our recording purposes.
6.5 Possibility of objection and removal
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all the functions of the website can be used to their full extent. We offer our users on our website the possibility of opting out from the analysis procedure. To do this, you must follow the corresponding link (see above).
7. Web analysis & feedback function by Hotjar
7.1 Scope of the processing of personal data
We use Hotjar on our website to analyse the surfing behaviour of our users and to give them the possibility to give feedback on their user experience. If you explicitly agree to the setting of analysis cookies, cookies will be used to enable an analysis of the use of this website and to display usage-related content.
The information generated by the cookie will be transmitted to and stored for a maximum of 365 days by Hotjar on servers in Ireland, EU (Amazon Web Services infrastructure, eu-west-1 datacenter).
Some hotjar functions as for example session recording are watching the individual actions yo take during your visit on our website, others (e.g. heatmaps) aggregat data points of you and other users. Sensible data you are entering, for example in a contact form, is not being transferred to and can not be seen by hotjar.
Hotjar is using your IP address for the duration of your stay but only in a shortened way – suppressing the last 8 characters before being stored at all.
You can see an overview of collected data by hotjar on https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookie-Information.
You can find further information in the data protection declaration of hotjar on https://www.hotjar.com/legal/policies/privacy/.
7.2 Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.
7.3 Purpose of data processing
The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained and the feedback we get from users, we are able to compile information on how the individual components of our website are used. This helps us to constantly improve our website as well as its user-friendliness. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f GDPR. By making the IP address anonymous, the interest of the users in their protection of personal data is sufficiently taken into account.
7.4 Duration of storage
The data gets erased as soon as it is no longer required for our recording purposes but not later than 365 days from your visit.
7.5 Possibility of objection and removal
Cookies are stored on the user's computer and transmitted to hotjar by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all the functions of the website can be used to their full extent.
You can prevent hotjar from collecting data by clicking on the following link and activate the do-not-track function: https://www.hotjar.com/privacy/do-not-track/
8. Embedding ov YouTube-Videos
8.1 Description and scope of data processing
This website has embedded videos from YouTube. This service is operated by Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Irland.
We are using YouTube in enhanced privacy mode. This mode ensures, according to YouTube, that YouTube does not save any information about visitors on this website, until they watch a video. The transfer of information to YouTube-Partner however is not blocked by enhanced privacy mode. So YouTube is establishing a connection to Google Marketing Platform – no matter if you watch a video.
As soon as you start a video on this website, a connection to the YouTube Servers is established, in the course of which the information about the visited pages on our website is transferred. If you are logged in your YouTube-Account, you enable YouTube to link your surfing behaviour to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore YouTube can save several Cookies on your device or use comparable recognition technology (e.g. device fingerprinting) once you start a video. Thus YouTube can get informationen about visitors of this website. This data is used for example to record video statistics, improve user experience or prevent fraud.
It is possible that further data processing can be triggered after starting a YouTube video on which we do not have any influence.
8.2 Legal basis for data processing
The legal basis in general is Art. 6 para. 1 lit. f DSGVO. If the users consent has been asked for, the exclusive legal basis for the data processing is Art. 6 para. 1 lit. a DSGVO; The consent can be revoked at any time.
8.3 Purpose of data processing
We use YouTube to improve the content quality and to provide video in the most seamless way possible.
8.4 Duration of storage
We do not save any personal data connected with the use of YouTube videos. Further information about the privacy policy of YouToube can be found here: https://policies.google.com/privacy
8.5 Possibility of objection and removal
You an revoke you consent at any time: Opt-out
Further information about the privacy policy of YouToube can be found here: https://policies.google.com/privacy
9. Register for portal services
9.1 Scope of the processing of personal data
With regards to sign up and sign in to the customer portal the following personal data will be processed:
- salutation
- first name
- last name
- company
- account number (if appropriate)
- addresses
- position/title
- telephone
9.2 Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.
9.3 Purpose of data processing
The registration of users including voluntary statement of personal data helps Hochland to provide content and services which - by their very nature - can only be provided to registered users. The personal data serves the provision of individual content as well as to simplify processes (e.g. order samples via portal).
9.4 Duration of storage
Data will be stored as long as the customer account exists.
9.5 Possibility of objection and removal
Registered users can see their personal data straight in the portal and are free to let change or delete the personal data collected for registration or being already stored from previous customer relationship at any time, as far as not being prevented by legal constraints.
10. Rights of the data subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you are entitled to the following rights in relation to the data controller:
10.1 Right of access to information
You can request confirmation from the data controller as to whether personal data concerning you is being processed by us.
In the event of such processing, you may request the following information from the data controller:
- The purposes for which the personal data are processed;
- The categories of personal data concerned;
- The recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- The envisaged period of storage of the personal data relating to you or, if not possible to give specific details, criteria used to determine that period;
- The existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the data controller or a right to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- any available information on the source of the data, if the personal data is not collected from the data subject;
- The existence of automated decision-making, including profiling, referred to in Art. 22 para. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
10.2 Right of rectification
You have the right to ask the data controller to rectify and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the rectification without delay.
10.3 Right to restrict processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
- If you contest the accuracy of the personal data concerning you for a period enabling the data controller to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data;
- The data controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise or defence of legal claims, or
- If you have objected to processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate grounds given by the data controller override your grounds.
Where the processing of personal data relating to you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence legal claims or for the protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction of processing is lifted.
10.4 Right of erasure
10.4.1 Obligation to erase
You may obtain from the data controller the erasure of the personal data concerning you without undue delay and the data controller has the obligation to erase such data without undue delay where one of the following grounds applies:
- The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal ground for the processing.
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data concerning you has been unlawfully processed.
- your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject.
- The personal data concerning you have been collected in relation to the offer information society services referred to in Art. 8 para. 1 GDPR.
10.4.2 Information provision to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 para. 1 GDPR to erase it, he, taking account of available technology and the costs of implementation, shall take reasonable steps, including technical measures, to inform data controllers which are processing the personal data, that you, as a data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
10.4.3 Exceptions
The right of erasure does not exist insofar as the processing is necessary
- For exercising the right of freedom of expression and information;
- For compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- For reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 para. 2 GDPR as well as Art. 9 para. 3 GDPR;
- For the establishment, exercise or defence of legal claims.
10.5 Right to information
If you have asserted the right to rectify, erase or restrict the processing vis-à-vis the data controller, the data controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the data controller.
10.6 Right to data transferability
You have the right to receive the personal data concerning you, which you have provided to the data controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to have this data communicated to another person in charge without interference from the data controller to whom the personal data has been made available, provided that
- The processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
- The processing is carried out automated means.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one data controller to another, as far as this is technically feasible. The freedoms and rights of other persons may not be impaired thereby.
The right to data transferability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
10.7 Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to Article 6 paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The data controller shall no longer process the personal data concerning you, unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You may exercise your right of objection in context of the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
10.8 Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your data protection declaration of consent at any time. Withdrawal of consent shall not affect the lawfulness of the processing based on consent before its withdrawal.
10.9 Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
- Is necessary for entering into, or performance of, a contract between you and the data controller,
- Is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
- Is based on you explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless point a or g of Art. 9 para. 2 GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
With regard to the former and the latter, the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10.10 Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.