Data protection

Gramoflor GmbH & Co. KG
Diepholzer Straße 173
49377 Vechta
Tel: +49 4441 9997-0
Fax: +49 4441 9997-70
info@gramoflor.de

Data protection officer: Klaus Wessendorf (datenschutz@gramoflor.de)

Security and protection of your personal data

We view it as our primary task to ensure the confidentiality of the personal data provided by you and to protect this against unauthorised access. Therefore, we take the utmost care and apply the most modern security standards to ensure maximum protection of your personal data.

As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations in the German Federal Data Protection Act (BDSG). We have undertaken technical and organisational measures to ensure that the regulations regarding data protection are observed both by us and our external service providers..

 

Information regarding the collection of personal data

In case you should contact us via email or via a contact form, the data provided by you (your email address, if applicable your name and telephone number) is stored by us in order to answer your questions. We delete data accumulating in connection with this process after the storage is no longer required, or the processing is restricted in case a legal period of retention exists.

Collection of personal data in pre-contractual relationship (Interessted parties)

In the context of a pre-contractual relationship, we exclusively process personal data that are required for the desired exchange of information in the context of a pre-contractual exchange, for marketing purposes in the context of new customer acquisition or for the provision of an offer.

As a legal basis we refer here to Art. 6 para. 1 lit. f DSGVO (legitimate interest of the responsible party). The legitimate interest is in the targeted response to inquiries, the provision of requested offers and the acquisition of new customers.

Personal data will not be forwarded.

We process and store your personal data as long as this is necessary for the fulfilment of the purpose. If the purpose of processing ceases to apply, your data will be deleted on a regular basis – taking into account the statutory retention periods.

Collection of personal data in contractual relationship (customers)

Within the scope of a business relationship, we only process personal data that is required for the execution of the contractual relationship and for addressing customers.

As a legal basis we refer here to Art. 6 para. 1 lit. b DSGVO (contract performance).

Personal data will only be forwarded within the framework of legal obligations or if this is necessary for the trouble-free execution of the contract (e.g., suppliers).

We process and store your personal data if this is necessary for the fulfilment of the purpose. If the purpose of processing ceases to apply, your data will be deleted on a regular basis – taking into account the statutory retention periods.

Collection of personal data in pre-contractual relationship (applicants)

As an employer, we have a great interest in getting to know you and checking your suitability for a position in our company. An important motivation here is also to be able to substantiate the process and the decision within the application procedure with facts. Your data will only be processed to fill the position for which you have applied. In times of a shortage of skilled workers, we are interested in keeping in touch with applicants who could not be considered in a current application procedure, so that they can possibly be considered in a later procedure.

The legal basis for this is Article 88 (1) DSGVO in conjunction with Section 26 (1) BDSG and Article 9 (2) h) in conjunction with Section 22 (1) b) BDSG. The data processing serves to establish the employment relationship. In addition, the processing of health data may be necessary for the assessment of your ability to work.

Within the company, only the persons and offices involved in the decision to hire you will receive your data.

6 months after completion of the application process, your data will be deleted if no employment relationship is established. In the event of an employment relationship, we will transfer your data to your personnel file.

Collection of personal data when visiting our website

(1) In case of your use of our website to obtain information, i.e., if you do not register or otherwise transmit information to us, we only collect personal data which is transmitted by your browser to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you and to ensure stability and security (The legal basis is Art. 6 Para.1 S. 1 lit. f of the GPDR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Respectively transmitted data volume
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

(2) When contacting us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the backup is no longer required or the processing is restricted if there are legal retention obligations.

Use of cookies

(1) In addition to the aforementioned data, cookies are stored in your computer if you use our website. Cookies are small text files which are stored on your hard drive as assigned by your browser, and through which the entity placing the cookie receive certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the overall range of Internet offers available to you more user-friendly and effective.

(2) This website uses the following types of cookies, the scope and function of which are explained in the following:

  • Transient cookies (see a.)
  • Persistent cookies (see b.)

    a.Transient cookies are automatically deleted when you close the browser. This especially includes session cookies. These store a so-called session ID which allows different requests from your browser to be assigned for the mutual session. As a result, your computer can recognise whether you return to our website again. The session cookies are deleted when you log out or close your browser.
    b.Persistent cookies are automatically deleted after a specified time which can differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
    c. You may configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. So-called “third-party cookies” are cookies which have been set by a third party, and subsequently not actually by the website which you are currently visiting. We hereby wish to point out that, through the deactivation of cookies, you may not be able to use all functions of the website.

Further functions and offers of our website

(1) We offer various services besides the purely informative use of our website, which you may use if you are interested. For this purpose, you must normally provide further personal data which we use to render the respective service and for which the aforementioned principles of data processing apply.

(2) In part, we operate with external service providers for the processing of your data. These have been carefully selected and commissioned by us, are bound to our instructions and are regularly checked.

(3) Furthermore, we may transfer your personal data to third parties if special offer participations, competitions, contractual conclusions or similar performances are offered by us together with mutual partners. You will receive more detailed information regarding this after stating your personal data or below, under the description of the offer.

(4) If our service providers or partners have their headquarters in a state outside the European Economic Area (EEA), then we will inform you of the consequences of these circumstances in the description of the offer.

Use of Google Analytics

We use Google Analytics on our website. This is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

The Google Analytics service is used to analyse the usage behaviour of our website. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis, optimisation and economic operation of our website.

Usage and user-related information, such as IP address, location, time or frequency of visits to our website, is transferred to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymisation function. This function enables Google to truncate the IP address within the EU or EEA.

The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and of the usage activities there. This data may also be used to provide other services related to the use of our website and the use of the internet.In addition, Google provides further information on data protection law at https://www.google.com/intl/de/policies/privacy/partners e.g. also on the possibilities of preventing the use of data.

Google also offers a so-called deactivation add-on at https://tools.google.com/dlpage/gaoptout?hl=de along with further information on this. This add-on can be installed with the usual Internet browsers and offers you further control over the data that Google collects when you access our website. The add-on informs the JavaScript (ga.js) of Google Analytics that information about your visit to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services. Of course, you can also find out whether and which other web analytics services we use in this privacy policy.

Integration of Google Maps

We use Google Maps on our website to show our location and to provide directions. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when you access our website.

If you call up the Google Maps component integrated into our website, Google will store a cookie on your terminal device via your internet browser. In order to display our location and provide directions, your user settings and data are processed. We cannot exclude the possibility that Google uses servers in the USA.

The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in optimising the functionality of our website.

Through the connection to Google established in this way, Google can determine from which website your request was sent and to which IP address the directions are to be transmitted.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your internet browser. Details on this can be found above under the item “Cookies”..

In addition, the use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of Use Google-Nutzungsbedingungen https://policies.google.com/terms?gl=DE&hl=de and the Geschäftsbedingungen für Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.

Google also provides further information at https://policies.google.com/privacy.

Google Tag Manager

Type and scope of precessing

We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and allows us to control the precise integration of services on our website.

This allows us to flexibly integrate additional services to evaluate user access to our website.

.Purpose and legal basis

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG.

Storage period

The specific storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager:  https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Google Ads

Purpose and legal basis

We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertising to users. Google Ads uses cookies and other browser technologies to analyse user behaviour and recognise users.

Google Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of the advertising. Furthermore, Google Ads delivers targeted advertising based on behavioural profiles and geographic location. Your IP address and other identifiers such as your user agent are transmitted to the provider.

Google Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of the advertising. Furthermore, Google Ads delivers targeted advertising based on behavioural profiles and geographic location. Your IP address and other identifiers such as your user agent are transmitted to the provider.

If you are registered with a Google Ireland Limited service, Google Ads can associate the visit with your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider will find out and store your IP address and other identification features.

In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 Purpose and legal basis

The use of Google Ads is based on your consent pursuant to Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision of the European Commission exists (e.g., in the USA), we have agreed with the recipients of the data on other appropriate safeguards within the meaning of Art. 44 ff. DSGVO. These are – unless otherwise stated – standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, prior to such a third country transfer, we obtain your consent pursuant to Art. 49 (1) sentence 1 lit. a. DSGVO, which you grant via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be unknown risks in detail (e.g., data processing by security authorities of the third country, the exact scope of which and its consequences for you we do not know, over which we have no influence and of which you may not become aware).

 Storage period

The concrete storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. You can find further information in the privacy policy for Google Ads: https://policies.google.com/privacy.

Google DoubleClick

Nature and scope of precessing 

We have integrated components of DoubleClick by Google on our website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with each impression as well as with clicks or other activities.

Each of these data transfers triggers a cookie request to the browser of the data subject. If the browser accepts this request, DoubleClick sets a cookie in your browser.

DoubleClick uses a cookie ID, which is required to process the technical procedure. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplicate placements. Furthermore, the cookie ID enables DoubleClick to record conversions. Conversions are recorded, for example, if a DoubleClick advertisement has previously been displayed to a user and the user subsequently makes a purchase on the advertiser’s website using the same internet browser.

A DoubleClick cookie does not contain any personal data but may contain additional campaign identifiers. A campaign identifier serves to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google obtains knowledge of data that Google also uses to generate commission statements. Among other things, Google can track that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection provisions of DoubleClick by Google can be found at https://policies.google.com/privacy.

Purpose and legal basis

We process your data with the help of the Double-Click cookie for the purpose of optimising and displaying advertising based on your consent pursuant to Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple displays of the same advertisement. Each time you call up one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the settlement of commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, it will be possible to visit our website without restriction, but not all functions may be fully available.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision of the European Commission exists (e.g., in the USA), we have agreed with the recipients of the data on other appropriate safeguards within the meaning of Art. 44 et seq. DSGVO. These are – unless otherwise stated – standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 Para. 1 Sentence 1 lit. a. DSGVO, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be unknown risks in detail (e.g., data processing by security authorities of the third country, the exact scope of which and its consequences for you we do not know, over which we have no influence and of which you may not become aware). 

 Storage period

The concrete storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. You can find further information in the privacy policy for Google Ads: https://policies.google.com/privacy.

Privacy policy for the use of LinkedIn:

We, Gramoflor GmbH & Co KG, Diepholzer Straße 173, 49377 Vechta, maintain an online presence at www.linkedIn.de
For this purpose, we use the services of the technical platform of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter: LinkedIn).

We would therefore like to point out that you use the service offered here and its functionalities on your own responsibility. This applies in particular to the use of interactive functions, such as sharing.

In principle, LinkedIn is solely responsible for the processing of personal data when you visit our LinkedIn page. Further information on the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit our LinkedIn company page, follow this page or engage with the page, LinkedIn processes personal data to provide us with statistics and insights in anonymised form. This gives us insights into the types of actions that people take on our site (so-called page insights). In particular, LinkedIn processes data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. With the Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarised Page Insights. It is also not possible for us to draw conclusions about individual members from the information in the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers.

The processing is used for cross-channel communication with our customers or interested parties. The aforementioned evaluation (page insights) of the actions you take on our LinkedIn company page serves to improve our company page based on these findings as part of our public relations work. As the legal basis for this processing, we refer to Art. 6 para. 1 lit. f GDPR.

We have entered into an agreement with LinkedIn on processing as joint controllers, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: LinkedIn Pages Joint Controller Addendum.

The following then applies:

  • LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online via the following link ( https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us using the contact details provided to exercise your rights in connection with the processing of personal data in the context of page inserts. In such a case, we will forward your request to LinkedIn.
  • LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see dataprotection.ie ) or any other supervisory authority.

Please note that in accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. According to its own information, LinkedIn only transfers personal data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.

 

Children

Our offer is always directed at adults. Persons under 18 years should not transmit personal data to us without the permission of their parents or legal guardian.

Rights of the affected person

(1) Revocation of consent

Provided the processing of personal data is based on granted consent, you have the right at any time to revoke this consent. Through the revocation of the consent, the lawfulness of prior processing based on this consent shall not be affected until revocation.

You may contact us at any time to exercise your right to revocation.

(2) Right of confirmation

You have the right to request confirmation from the responsible person as to whether we are processing personal data pertaining to you. You may request confirmation at any time under the aforementioned contact data.

(3) Right of information

If personal data is processed, then you may request information regarding this personal data and regarding the following information at any time:

a. The processing purpose;

b. The categories of personal data which are processed;

c. The recipient or categories of recipients to whom the personal data has been disclosed or will be disclosed, in particular in case of recipients in third countries or with international organisations;

d. If possible the planned duration for which the personal data is stored, or if this is not possible, the criteria for the determination of this duration;

e. The existence of a right of correction or deletion of personal data pertaining to you or to a restriction of the processing by the responsible persons or a right to revocation of this processing;

f. The existence of a right to lodge complaints with a supervisory authority;

g. If the personal data is not collected from the affected person, then all available information regarding the origin of this data;

h. The existence of automated decision-making including profiling acc. Article 22 Paragraphs 1 and 4 of the GDPR and – at least in these cases – informative information regarding the involved logic and the implications and desired effects of such processing for the affected person.

If personal data is transmitted to a third country or an international organisation, then you have the right to be informed of suitable guarantees acc. Article 46 of the GDPR in connection with the transmission. We provide a copy of the personal data which is the object of the processing. For all further copies which you personally request, we may demand an appropriate fee for administration costs. If you submit the application electronically, then the information is to be provided in a usual electronic format, if not otherwise stated. The right to the receipt of a copy acc. Paragraph 3 must not impair the rights and freedoms of other persons.

(4) Right to correction

You have the right to request from us the immediate correction of incorrect personal data pertaining to you. Under consideration of the purposes of the processing, you have the right to demand the completion of incomplete personal data– also through a supplementary declaration.

(5) Right to erasure (“right to be forgotten”)

You have the right to demand from the responsible person that personal data pertaining to you is immediately deleted, and we are obligated to immediately delete personal data provided one of the following reasons applies:

a. The personal data is no longer necessary for the purposes for which it was collected or has been otherwise processed.

b. The affected person revokes their consent on which the processing is based acc. Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, and no other legal basis for processing exists.

c. The affected person objects acc. Article 21 Paragraph 1 of the GDPR to the processing and no overriding reasons for the processing exist, or the affected person objects acc. Article 21 Paragraph 2 of the GDPR to the processing.

d. The personal data has been incorrectly processed.

e. The deletion of personal data is required for compliance with legal obligations according to union law or the law of a member state to which the responsible person is subject.

f. The personal data was collected with regard to services offered by the information Society acc. Article 8 Paragraph 1 of the GDPR.

If the responsible person has disclosed personal data and is obligated acc. Paragraph 1 to its deletion, then, under consideration of the available technologies and the implementation costs, they will take appropriate measures, also of a technical nature, to inform the person responsible for processing the personal data that an affected person has demanded the deletion of all links by them regarding this personal data, or any copies or replications of this personal data.

The right to deletion (“Right to be forgotten”) shall not exist if the processing is necessary for:

  • The fulfilment of a legal obligation required according to the law of the union or the member state to which the responsible person is subject, or for the performance of a task which is in the public interest or the exercising of official authority which is incumbent on the responsible person;
  • Reasons of public interest in the area of public health acc. Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3 of the GPDR;
  • Archival purposes in the scope of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 Paragraph 1 of the GPDR, insofar as this does not foreseeably render the achievement of the processing objective to be impossible or seriously impaired.

The assertion, exercising or defence of legal claims.

(6) Right of restriction of processing

You have the right to demand a restriction of the processing of your personal data from us if one of the following prerequisites exist:

a. The accuracy of the personal data is disputed by the affected person, and this for a period which allows the responsible person to check the accuracy of the personal data.

b. The processing is improper, and the affected person rejects the deletion of the personal data and instead demands a restriction of the use of the personal data.

c. The responsible person no longer requires the personal data for the purposes of processing, however the affected person requires it for the assertion, exercising or defence of legal claims.

d. The affected person objects to the processing acc. Article 21 Paragraph 1 of the GDPR, provided it is not yet established whether the legitimate reasons of the responsible person do not outweigh those of the affected person.

If the processing has been restricted according to the aforementioned prerequisites, then this personal data – except its storage – shall only be processed with the consent of the affected person or for the assertion, exercising or defence of legal claims or for the protection of rights of another individual or legal entity or for reasons of significant public interest of the union or a member state.

To assert the right to a restriction of processing, the affected person may contact us at any time under the stated contact data.

(7) Right to data portability

You have the right to retain your personal data which you have provided to us in a structured, usual and machine-readable format, and you have the right to transmit this data to another responsible person without hindrance by the responsible person to whom the personal data has been provided, provided:

a. The processing is based on consent acc. Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a or on a contract acc. Article 6 Paragraph 1 Letter b of the GDPR

b. The processing occurs with the aid of an automated procedure.

In case of exercising the right to data portability acc. Paragraph 1, you have the right to cause the personal data to be directly transmitted from one responsible person to another responsible person if this is technically possible. Exercising the right to data portability shall not affect the right to deletion (“Right to be forgotten”). This right shall not apply for processing which is required for executing a task which is in the public interest, or which occurs during the exercising of official authority which has been bestowed on the responsible person.

(8) Right to object

You have the right to object at any time, for reasons arising from a specific situation to the processing of personal data pertaining to you which occurs based on Article 6 Paragraph 1 Letters e or f of the GDPR; this also applies for profiling based on these regulations. The responsible person will no longer process the personal data, unless they can verify compelling reasons for this processing worthy of protection which outweigh the interests, rights and freedoms of the affected person, or the processing serves the assertion, exercising or defence of legal claims.

If personal data is processed in order to pursue direct advertising, then you have the right at any time to object to the processing of personal data pertaining to you for the purposes of such advertising; this also applies for profiling if it is in connection with such direct advertising. If you object to processing for the purposes of direct advertising, then the personal data shall no longer be processed for these purposes.

In connection with the use of services of the information society, despite the Regulation 2002/58/EU, you may object through an automated procedure in which technical specifications are used.

You have the right, for reasons which arise from a specific situation to object to the processing of personal data pertaining to you which occurs for scientific or historical research purposes or for statistical reasons acc. Article 89 Paragraph 1, unless the processing is necessary for fulfilling a task which is in the public interest.

You may exercise the right to object at any time by contacting the respective responsible person.

(9) Automated decisions in individual cases including profiling

You have the right not to be subjected to a decision exclusively based on automated processing – including profiling – which becomes legally effective against you or significantly impairs you in a similar way. This shall not apply if the decision:

a. Is necessary for the conclusion or fulfilment of a contract between the affected person and the responsible person.

b. Is permissible due to legal stipulation of the union or the member state to which the responsible person is subject, and these legal stipulations contain appropriate measures for safeguarding the rights and freedoms and the legitimate interests of the affected person.

c. Occurs with the express consent of the affected person.

d. The responsible person shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the affected person, such as at least including the right to cause the intervention of a person on behalf of the responsible person, to state their own point of view and to contest decisions.

This right may be exercised at any time by the affected person by contacting the respective responsible person.

(10) Right to complain to a supervisory authority

Furthermore, irrespective of other administrative or judicial remedies, you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, workplace or location of the suspected violation if the affected person is of the opinion that the processing of the personal data pertaining to them violates this regulation.

(11) Right to an effective legal remedy

Irrespective of an available administrative legal or extrajudicial legal remedy, including the right to complain to a supervisory authority acc. Article 77 of the GDPR, you have the right to an effective legal remedy if you are of the opinion that rights vested through this regulation have been violated as a result of not processing your personal data in harmony with this regulation.