Privacy policy

Privacy policy

We, Sandmeier Consulting GmbH, take the protection of your personal data very seriously and strictly adhere to the rules of the applicable data protection laws and the principle of data economy. Personal data is only collected on this website to the extent technically necessary, or only to the extent necessary to fulfill the purpose. Under no circumstances will the collected data be sold or passed on to third parties for other reasons. The following declaration gives you an overview of how this protection is guaranteed and what type of data is collected for what purpose, as well as your options for objecting.

 

I. Name and address of the person responsible

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Sandmeier Consulting GmbH
August-Bebel-Str. 71-73
33602 Bielefeld
Germany

Tel.: +49 (0)521 922 796 40
E-Mail: sales@sandmeier-consulting.de

 

II. Contact details of the data protection officer

You can reach the data protection officer at:

Sandmeier Consulting GmbH
Data Protection Officer
August-Bebel-Str. 71-73
33602 Bielefeld
Germany

Tel.: +49 (0)521 922 796 40
E-Mail: datenschutz@sandmeier-consulting.de

 

III. General information on data processing

1. Scope of processing of personal data

In principle, we only process the personal data of our users and customers to the extent that this is necessary to provide a functional website and our content and services. The processing of personal data of our users and customers takes place regularly only with the consent of the person concerned. An exception applies in such cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

 

2. Legal basis for processing personal data

The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent.

Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.

The legal basis for processing to fulfill a legal obligation of the person responsible results from Article 6 Paragraph 1 Letter C GDPR.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 Letter d GDPR serves as the legal basis.

In order to safeguard the legitimate interests of the person responsible or a third party, processing is carried out in accordance with Article 6 Paragraph 1 Letter f GDPR, provided that the interests or fundamental rights of the person concerned do not prevail.

 

3. Data Erasure and Storage Duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies, or the person concerned requests a change / deletion of the data. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Special features and deviations from the storage period and data deletion are listed individually in the data protection declaration.

 

4. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

 

IV. Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected here:

(1) Information about the browser type and version used

(2) The user's operating system

(3) The IP address of the user

(4) Date and time of access

(5) Websites from which the user's system accesses our website

(6) Websites accessed by the user's system via our website

The data is also stored in the log files of our system. This does not affect other data that enable the data to be assigned to a user. This data is not stored together with other personal data of the user.

The data listed cannot be assigned to specific persons for the operator of the site. A combination of this data with other data sources is not carried out, the data will also be deleted after the purpose has been achieved and / or an anonymous statistical evaluation or after 60 days at the latest.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR also lies in these purposes.

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

 

V. Use of cookies

The Internet pages of Sandmeier Consulting GmbH use so-called cookies in several places. They serve to make the offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies used here are so-called “session cookies”. They are automatically deleted after your visit. In addition, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is called up again. Cookies do not damage your computer and do not contain viruses. Some elements of our website require that the calling browser can be identified even after a page change. The log-in information is stored and transmitted in the cookies. The user data collected by technically necessary cookies are not used to create user profiles.

We also use cookies on our website, which enable an analysis of the surfing behavior of users. Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer.

In this way, the frequency of page views and the use of website functions can be transmitted. The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.

When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and are referred to this data protection declaration. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings.

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. The transmission of Flash cookies cannot be prevented via the browser settings, but can be prevented by changing the Flash Player settings.

 

VI. Newsletter

You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transmitted to us.

(1) Salutation

(2) First Name and Last Name

(3) Company

(4) Email

In addition, the IP address of the calling computer (without being passed on to CleverReach) and the date and time of registration are collected during registration.

Your consent will be obtained for the processing of the data as part of the registration process and reference will be made to this data protection declaration.

If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter.

We use the so-called double opt-in procedure to ensure that the newsletter is sent in a consensual manner. In the course of this, the potential recipient can be included in a mailing list. The user then receives a confirmation e-mail with the opportunity to confirm the registration in a legally secure manner. The address will only be actively included in the mailing list if the confirmation is received. We use this data exclusively for sending the requested information and offers.

CleverReach is used as newsletter software. Your data will be transmitted to CleverReach GmbH & Co KG. CleverReach is prohibited from selling your data and using it for purposes other than sending newsletters. CleverReach is a certified provider that was selected according to the requirements of the General Data Protection Regulation and the Federal Data Protection Act. More information can be found here: https://www.cleverreach.com/de/datenschutz/ and https://www.cleverreach.com/de/datensicherheit/
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "Unsubscribe" link in the newsletter.

The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active.

 

VII. Registration / Login

1. Description and scope of data processing, but in particular not complete for SLSM and contract service management

On our website, we offer users the option of registering by providing personal data (user name). The data is entered into an input mask and transmitted to us and stored. A transfer of data to third parties does not take place. The following data is collected as part of the registration process:

(1) Surname / First Name

(2) telephone / mobile phone

(3) Company / Address

(4) Email

At the time of registration, the IP address of the user and the date and time of registration/login are also saved:

As part of the registration process, the user's consent to the processing of this data is obtained.

The data is only processed in order to show the user the content that has been stored and made available to us or by us and to separate his area from the public or private area of ​​other users.

 

2. Possibility of objection and elimination

 As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time.

If the data is required to fulfill a contract or to carry out pre-contractual measures, the data can only be deleted prematurely if there are no contractual or legal obligations to the contrary.

A change or deletion of your data can be initiated as follows:

(1) Termination of Contract

(2) Withdrawal of Consent

(3) Request for deletion / change via email to datenschutz@sandmeier-consulting.de

Please note that all data will be deleted. In this respect, it is up to the customer to back up their data beforehand or to request that the data be handed over.

 

VIII. Contact form and email contact

There is a contact form on our website which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved. These dates are:

(1) Email

(2) Salutation (optional)

(3) Title (optional)

(4) First name (optional)

(5) Surname (optional)

(6) Company (optional)

(7) Telephone (optional)

The time of sending is also recorded and transmitted. Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration.

Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

The legal basis for the processing of data transmitted in the course of sending an email is Article 6 Paragraph 1 Letter f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

The processing of the personal data from the input mask serves us solely to process the contact. If contact is made by e-mail, this is also the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

You can withdraw your consent by sending an informal email to datenschutz@sandmeier-consulting.de.

All personal data that was saved in the course of making contact will be deleted in this case.

 

IX. Applications

Sandmeier Consulting collects and processes personal data as part of the application process exclusively for this purpose. The data is mainly processed electronically. This applies in particular if the application was submitted electronically. The personal and other data associated with the application can only be processed by the persons involved in the application process. If the application process ends with an employment contract, the personal data will be processed within the legal framework for the purpose of the employment. If no employment takes place, the personal and other transmitted data will be automatically deleted after six (6) months, provided that there are no legitimate interests of Sandmeier Consulting to the contrary. Such a legitimate interest can be, for example, a burden of proof from the General Equal Treatment Act. In addition, the under XV. Rights of the data subject listed information and rights.

 

X. Events (webinars, seminars, etc.)

On the website and via the online portal XING, users have the opportunity to register for participation in the events offered by Sandmeier Consulting. In this context, Sandmeier Consulting collects and processes the following personal data for the organization, implementation and follow-up of the events as well as for the transmission of information:

(1) Salutation

(2) First name

(3) Surname

(4) Company

(5) Address (optional)

(6) Telephone number (optional)

(7) email address

The data is mainly processed electronically. This applies in particular if the registration was made electronically. The personal and other data associated with the registration can only be processed by the persons involved in the event management. If the event results in an order from Sandmeier Consulting, the personal data can be processed within the legal framework for the purpose of contract initiation and processing. The statements in "III. General information on data processing" apply analogously. If no order is placed, the personal and other transmitted data will be automatically deleted after thirty-six (36) months, provided that there are no legitimate interests of Sandmeier Consulting to the contrary. In addition, the under "XV. Rights of the data subject" listed information and rights.

 

XI. Social media (LinkedIn, Xing)

On our website you will find links to the social media services LinkedIn and Xing of Sandmeier Consulting. If you follow these links, you will reach Sandmeier Consulting's corporate website on the respective social media service. Please note that activating a link means that certain data can be transmitted to the provider of the social media service. These are for example:

(1) Address of the website on which the activated link is located

(2) Date and time the website was accessed or the link was activated

(3) Information about the browser used and the operating system used

(4) IP address

If you are already logged in to the corresponding social media service at the time the link is activated, the provider of the social media service may also be able to determine your user name and possibly even your real name from the transmitted data. This data can also be processed by the provider of the social media service in countries outside the European Union. We have no influence on the scope, type and purpose of data processing by the provider of the social media service.

Please note that the provider of the social media service is able to create pseudonymised or even individualized usage profiles with the above data.

The servers of the social media services are located in the USA and other countries outside the European Union. Please note that companies in these countries are subject to data protection laws that generally do not protect personal data to the same extent as in the member states of the European Union. You can find more detailed information on the use of your data by the social media services integrated on our website in the data protection regulations of the respective social media service.

 

XII. Web analysis by Google Analytics

We use the web analysis service Google Analytics from Google Inc. on our website. This uses cookies. These are text files which, by being stored on your PC, allow an analysis of your user behavior in relation to our website. The cookies generate information that is transmitted to a Google server. These servers are usually located in the USA, but follow agreements on the use of the European Economic Area and shorten your IP address before transmission to the United States and within the member states of the European Union. Only in exceptional cases will the IP address be shortened after transmission to the USA. Google evaluates the information transmitted and provides additional services for us website operators in this context. Google Analytics cookies are stored on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. The determined IP address is not merged with other Google services. You can prevent the storage of cookies on your computer by changing your browser settings. However, this may result in display and functional restrictions when using our website. A browser plug-in also prevents the collection and use of the data generated by the cookies. You can download it from the following link: tools.google.com/dlpage/gaoptout Find out more about the data protection conditions of Google and Google Analytics at: www.google.com/analytics/ terms/de.html or at www.google.de/intl/de/policies/. We would like to point out that on this website Google Analytics has been expanded to include the "anonymizeIp" code in order to ensure that IP addresses are recorded anonymously (so-called IP masking).

We have concluded an order data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

 

XIII. Google AdWords

On our website, we use Google AdWords, an online advertising program from Google Inc. Conversion tracking is also used. With this tool, Google AdWords places a cookie on your PC if you access our website via a Google advertisement. The cookie is no longer valid after 30 days. It is not used for personal traceability. If you visit our website as a user and the cookie is still working, we and Google will recognize that you have clicked on the relevant ad and have been forwarded to our site. Each Google AdWords customer is assigned a different cookie. In this way, cookies cannot be tracked via the websites of AdWords customers. Conversion statistics for AdWords customers are created with the data collected by conversion cookies. As a customer, we learn the total number of users who responded to our ad and were then directed to a website that was tagged with a conversion tracking tag. During this process we do not receive any information with which we could personally identify you as a user. If you reject the tracking process, the Google conversion tracking cookie can be deactivated via your Internet browser. If necessary, use the browser's help function for further information. You can find out more about Google's privacy policy at https://www.google.de/policies/privacy/.

 

XIV. Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). With reCAPTCHA it should be checked whether the data entry on our website (e.g. in a contact form) is done by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the website visitor spends on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyzes run completely in the background. Website visitors are not informed that an analysis is taking place. Data processing takes place on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and from SPAM. For more information about Google reCAPTCHA and Google's privacy policy, see the following links: https://www.google.com/intl/de/policies/privacy/ und https://www.google.com/recaptcha/intro/android.html.

 

XV. YouTube

We have integrated videos from YouTube on this website, which are stored on www.YouTube.com and can be played directly from our website.

YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

The videos are all integrated in "extended data protection mode", i. H. that no data about you as a user will be transmitted to YouTube if you do not play the videos. A connection to a YouTube server is only established via the browser when you play the videos. Device-specific information including the IP address and which of our websites you have visited are thereby transmitted to YouTube. We have no influence on this data transmission. By clicking on the video, you agree to this transmission.

If you are logged in to YouTube at the same time, YouTube recognizes which specific page of our website you are visiting when you call up a page that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account. You can prevent this by logging out of your YouTube account before visiting our website.

Further information on data protection in connection with YouTube can be found in Google's data protection regulations: policies.google.com/privacy. There you will also find further information on your rights and setting options to protect your privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

 

XVI.     Live-Chat Tawk.to

This website optionally offers the use of Tawk.to (a live chat software from tawk.to Inc., with offices at 187 East Warm Springs Rd, SB298, Las Vegas, Nevada, 89119).

The chat is integrated into the source text of the website via a script. As soon as you call up the chat, a connection to the tawk.to Inc servers is established. Tawk.to saves your IP address and uses "cookies", which are small text files that are placed and stored on your computer system to enable a personal conversation with you in the form of a real-time chat on the website .

You can prevent the storage of cookies by setting your browser software accordingly; in this case, the live chat function and other functions of this online offer may no longer be fully available to you.

By using the chat you automatically use the services of tawk.to. All data that you enter in the chat window is transferred to tawk.to and stored there. If you do not provide any personal information (e.g. real name, e-mail address, telephone number, etc.) in the chat, no conclusions can be drawn about your person.

The data collected, processed and stored by tawk.to includes: chat history, date and time of access, browser type/version, operating system used, IP address at the time of the chat, URL of the previously visited website and country of origin. These data are not passed on to third parties, are only used for protection and for internal statistics and are deleted after 3 months. By using the chat, you agree to this use and storage of the data.

You can find more detailed information on how tawk.to Inc deals with data protection regulations in their data protection information at www.tawk.to/data-protection/ (only available in English).

 

XVII. Rights of the data subject

If personal data is processed by you, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:


1. Right to information

You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.

If such processing is present, you can request information from the person responsible for the following information:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information about the origin of the data if the personal data are not collected from the data subject;

(8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

 

2. Right to Rectification

You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.


3. Right to restriction of processing

Under the following conditions, you can request the restriction of the processing of your personal data:

(1) if you dispute the accuracy of the personal data concerning you, for a period enabling the person responsible to verify the accuracy of the personal data;

(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

(3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

(4) if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of the personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed.

If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

 

4. Right to erasure

a) Obligation to delete

You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based pursuant to Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR and there is no other legal basis for the processing.

(3) You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.

(4) The personal data concerning you was processed unlawfully.

(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

(6) The personal data concerning you was collected in relation to information society services offered pursuant to Article 8 (1) GDPR.

b) Information to third parties

If the person responsible has made the personal data relating to you public and is obliged to delete it in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, to protect the person responsible for data processing, taking into account the available technology and the implementation costs , who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

 c) Exceptions

The right to erasure does not exist if processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller became;

(3) for reasons of public interest in the field of public health in accordance with Article 9 (2) lit. h and i and Article 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the law referred to under Section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or

(5) to assert, exercise or defend legal claims.

 

5. Right to Information

If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the person responsible.


6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that

(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and

(2) the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.

The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.

 

7. Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.

 

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.


9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the person responsible,

(2) is permitted by law of the Union or the Member States to which the person responsible is subject and this law contains appropriate measures to protect your rights and freedoms and your legitimate interests or

(3) with your express consent.

However, these decisions may not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR unless Article 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests .

With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to challenge the decision.

 

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates violates the GDPR.

The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Let’s talk about your IT projects.

Simply get in touch with us!