Data Security

A.    Data privacy statement after GDPR

 

I.    Name and address of the responsible person

 

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

 

CONTRA Sport Tischtennis Service Koschnick & Sohns GmbH

Heidekoppel 26

24558 Henstedt-Ulzburg

Germany

Tel .: 04193-99180

E-mail: info@contra.de

Website: www.contra.de

 

II.    Name and address of the data protection officer

 

The data protection officer is:

 

Pedro de Sousa

CONTRA Sport Tischtennis Service Koschnick & Sohns GmbH

Heidekoppel 26

24558 Henstedt-Ulzburg

Germany

Tel .: 04193-991811

E-Mail: datenschutz@contra.de

Website: www.contra.de

 

III.      General information about data processing

 

1.          Extent of processing of personal data

 

In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.

 

2.       Legal basis for the processing of personal data

 

Insofar as we obtain the consent of the data subject for processing of personal data, Art.   6 para.   1 lit.   a EU General Data Protection Regulation (GDPR) as legal basis.

In the processing of personal data, is used to perform a contract, the contracting party is the person concerned is required Art.   6 para.   1 lit.   b GDPR as legal basis. This also applies to processing operations required to carry out pre-contractual actions.

 

Insofar as processing of personal data is necessary to fulfill a legal obligation, the subject to our company, Art serves .   6 para.   1 lit.   c GDPR as legal basis.

 

In the event that vital interests of the data subject or any other natural person require the processing of personal data, Art.   6 para.   1 lit.   d GDPR as legal basis.

If the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the former interest, Art.   6 para.   1 lit.   f GDPR as legal basis for processing.

 

3.    Data erasure and storage duration

 

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, storage may occur if This was provided by the European or national legislation in EU law regulations, laws or regulations, where the V erantwortliche subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned above expires , unless there is a need for further storage of the data for concluding a contract or fulfillment of the contract.

 

IV.               Provision of the website and creation of log files

 

1.          Description and scope of data processing

 

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected here:

 

(1)      Information about the browser type and version used

(2)    The operating system of the user

(3)    Internet service - provider of the user

(4)    The IP address of the user

(5)    Date and time of access

(6)    Website s from which the system of the user comes to our website

(7)    Website s that are accessed by the user's system through our website

 

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place. 

 

2.          Legal basis for data processing

 

Legal basis for the temporary storage of data and logfiles i st Art.   6 para.   1 lit.   f GDPR.

 

3.          Purpose of the data processing

 

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.

The storage in log files is done to ensure the functionality of the website. Moreover, the data to optimize the website and to ensure the security of our information technology systems serve us. An evaluation of the data for marketing purposes does not take place in this context.

In this purpose s also our legitimate interest in the data processing in the manner of lies.   6 para.   1 lit.   f GDPR

 

4.          Duration of storage

 

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.

In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

 

5.          Opposition and removal possibility

 

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

 

6.          EHI seal

 

On our website we use the seal "EHI Certified Online Shop", a widget of the EHI Retail Institute GmbH, Spichernstraße 55, 50672 Cologne ("EHI"). When visiting our website, dynamic contents (current rating of the shop, certificate, etc.) are loaded into thewidget by EHI servers . Your IP address, the previously visited website, the date and time of the call, the amount of data transferred, the browser type and version, the operating system you are using and the requesting provider ( referrer data) are transmitted to the EHI servers. Processing is based on our predominant legitimate interest in optimizing our offer according to Art. 6 para. 1 f) GDPR.

For more information about privacy at EHI, see:

www.ehi-siegel.de/datenschutz

 

7.          data security

 

For data transfer, for example when entering your customer data in the order form or in the contact form we offer you the so-called SSL security procedure (Secure Socket Layer) in connection with a 256-Bit-Encryption.

You will see the transmission of encrypted data at the presentation of a closed key or lock icon in the lower status bar of your browser.

We use the utmost care and the highest security standards to protect your personal data from unauthorized access or data loss. We point out that the data transmission in the Internet (eg in the communication by E-Mail) can exhibit security gaps. A complete protection of the data from access by third parties is not possible.

 

V.        Use of cookies

 

1.      Description and scope of data processing

 

Our website uses cookies. Cookies are text files that are stored in the Internet browser or the Internet browser on the user's computer system. When a user browses a Web site, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break.

The following data is stored and transmitted in the cookies :

 

(1)    language settings

(2)    Articles in a shopping cart

(3)    Log-in information

(4)    currency settings

(5)    Caching settings

(6)    Status of free product notification

(7)    Affiliate data

 

In addition, we use cookies on our website that allow an analysis of users' browsing behavior.

In this way, the following data can be transmitted:

 

(1)    Frequency of page views

(2)    Use of website

(3)    Matomo ( Piwik ) analysis data (see IX.)

 

The data of the users collected in this way are pseudonymized by technical precautions . Therefore, an assignment of the data to the calling user is no longer possible. The data will not be stored together with other personal data of the users.

When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also an indication of how the storage of cookies in the browser settings can be prevented.

When you call our website, the user is informed about the use of cookies for analysis and obtained his consent to the processing of personal data connexion used in this. In this context, there is also a reference to this privacy policy.

 

2.      Legal basis for data processing

 

The legal basis for the processing of personal data using technically necessary cookies is Art.   6 para.   1 lit.   f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user Art.   6 para.   1 lit.   a GDPR.

 

3.     Purpose of the data processing

 

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break.

We require cookies for the following applications:

 

(1)    shopping cart

(2)    Transfer of language settings

(3)    Remember the currency

(4)    Order processing by guests

 

The user data collected through technically necessary cookies will not be used to create user profiles.

The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer.

For these purposes, our legitimate interest lies in the processing of personal data by type.   6 para.   1 lit.   f GDPR.

 

4.     Duration of storage, objection and disposal options

 

Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser Y ou can turn off or limit the transmission of cookies.Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

 

VI.     Newsletter

 

1.          Description and scope of data processing

 

On our website you can subscribe to a free newsletter. The data from the input mask are transmitted to us when registering for the newsletter.

 

(1)    e-mail address

 

For the processing of the data, your consent is obtained during the registration process s and reference is made to this privacy policy.

 

In connection with the processing of data for the sending of newsletters, there is no disclosure of the data to third parties. The data will be used exclusively for sending the newsletter.

 

2.          Legal basis for data processing

 

The legal basis for t he processing of data by registration for the newsletter by the user is when there is a consent of the user type.   6 para.   1 lit.   a GDPR.

 

3.          Development purpose of data processing

The collection of the user's e-mail address serves to deliver the newsletter.

 

The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the email address used.

 

4.          Duration of storage

 

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active.

 

The other personal data collected during the registration process will normally be deleted after a period of seven days.

 

5.          Opposition and removal possibility

 

Subscription to the newsletter may be terminated at any time by the user concerned. For this purpose, there is a corresponding link in each newsletter.

 

This also allows a revocation of the consent to the storage of the personal data collected during the registration process.

 

VII.             Registration

 

1.          Be scription and scope of data processing

 

On our website, we offer users the opportunity to register by providing personal information. The data is entered into an input mask and transmitted to us and stored. A transfer of data to third parties does not take place. The following data is collectedduring the registration process:

 

(1)    salutation

(2)    first given name

(3)    Surname

(4)    Birthday (optional)

(5)    Telephone (optional)

(6)    e-mail address

(7)    Club / company (optional)

(8)    Ust -ID (optional)

(9)    address

 

At the time of registration, the following data is also stored:

 

(1)    The IP address of the user

(2)    Date and time of registration

(3)    language

 

As part of the registration process, the consent of the user to process this data is obtained.

 

2.          Legal basis for data processing

 

Legal basis for the processing of the data is in the presence of a consent of the user Art.   6 para.   1 lit.   a GDPR.

 

3.          Purpose of the data processing

 

User registration is required for the provision of certain content and services on our website.

 

1)       order history

2)       Customized prices

 

4.          Duration of storage

 

The data will be deleted as soon as it is no longer necessary for the purpose of its collection.

 

This is the case for the data collected during the registration process when the registration on our website is canceled or modified.

 

5.          Opposition and removal possibility

 

As a user, you always have the option to terminate the registration. You can change the data stored about you at any time.

 

A change of the data is possible at any time via the online customer account. To delete the data, send an e-mail to support@contra.de .

 

VIII.     Contact form and e-mail contact

 

1.               Description and scope of data processing

 

On our website is a contact form available, which can be used for electronic contact. If a user this possibility wa h r, the input in the input form data is sent to us and saved. These data are:

 

(1)    Surname

(2)    e-mail address

(3)    Phone optional)

(4)    comment

 

At the time of sending the message, the following data is also stored:

 

(1)    Date and time of registration

 

For the processing of the data in the context of the sending process your consent is obtained and referred to this privacy statement .

 

Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.

 

There is in this context no transfer of data to third parties. The dates n are used exclusively for processing the conversation .

 

2.          Legal basis for data processing

 

Legal basis for the processing of the data is in the presence of a consent of the user Art.   6 para.   1 lit.   a GDPR.

 

The legal basis for the processing of the data received during the sending of an e-mail, is Art.   6 para.   1 lit.   f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art.   6 para.   1 lit.   b GDPR.

3.          Purpose of the data processing

The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.

The other processed during Absendevorgangs personal data are used to prevent misuse of the contact form and ensure the security of our information technology systems.

 

4.          Duration of storage

 

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

 

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

 

5.         Opposition and removal possibility

 

The user always has the option to withdraw their consent for the processing of persone nbezogenen data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue.

 

For a contradiction and a removal of personal data send an email to support@contra.de .

 

All personal data that has been stored in the course of the contact, are deleted in this case.

 

IX.                Web analysis by Matomo (formerly PIWIK)

 

1.          Extent of processing of personal data

 

On our website we use the open-source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. The software sets a cookie on the computer of the users (for cookies see above). If individual pages of our website are called, the following data is stored:

 

(1)    Two bytes of the IP address of the user's calling system

(2)    The website called

(3)    The website from which the user came to the called website ( referrer )

(4)    The subpages that are called from the called web page

(5)    The length of stay on the website

(6)    The frequency of calling the webpage

 

The software runs exclusively on the servers of our website. A storage of the personal data of the users takes place only there. A transfer of the data to third parties does not take place.The software is set so that the IP addresses are not completely stored but 2 bytes of the IP address are masked (eg 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling computer is no longer possible.

 

2.          Legal basis for the processing of personal data

 

The legal basis for the processing of users' personal data is Art.   6 para.   1 lit. f GDPR.

 

3.          Purpose of data processing

 

The processing of users' personal data enables us to analyze the surfing behavior of our users. By analyzing the obtained data, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. For these purposes our legitimate interest lies in the processing of the data according to Art. 6   Section.   1   lit.   f   GDPR. The anonymisation of the IP address sufficiently takes into account the interest of users in their protection of personal data.

 

4.          Duration of storage

 

The data will be deleted as soon as they are no longer needed for our recording purposes. 
In our case, this is the case after 60 days .

The reports generated from the logs are removed after 24 months.

 

5.          Opposition and removal possibility

 

Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

For more information on the privacy settings of the Matomo software, please visit the following link: https://matomo.org/docs/privacy/ .

 

 

X.                  Data processing for order processing

 

1.        Be scription, scope and purpose of data processing

 

For order processing purposes, we cooperate with the following service providers who assist us wholly or partially in the execution of closed contracts. These personal data will be transmitted to these service providers in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of the contract, insofar as this is necessary for the delivery of the goods. We will pass on your payment details to the commissioned bank as part of the payment process, if this is necessary for the payment process. If payment service providers are used, we will inform you explicitly below.

 

(1)       DHL

If the delivery of the goods by the transport provider DHL (German Post AG Charles-de-Gaulle-Straße 20, 53113 Bonn), so we give for the purpose of notification in accordance with Art. 6 para. 1 lit. b GDPR only the name of the recipient and the delivery address to DHL. Passing on is only to the extent necessary for the delivery of goods. The consent can be withdrawn at any time with effect for the future against the person named above or against the transport service provider DHL.

 

(2)       paypal

For payment via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, we will transfer your payment data to PayPal (Europe) Sarl as part of the payment process . et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), continue. The information shall be in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for the payment process.

PayPal reserves itself for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment" via PayPal the execution of a credit check. For this, your payment information, if necessary, in accordance with Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest of PayPal in the determination of their solvency to credit bureaus passed. The result of the credit check on the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit information can contain probability values ​​(so-called score values). Insofar as score values ​​are included in the results of the credit rating, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values ​​includes, but is not limited to, address data. For further data protection information, among other things to the used credit reference agencies, please refer to the privacy policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may continue to be entitled to process your personal data, if this is necessary for the contractual payment.

 

(3)   SOFORT

If the payment method "SOFORT" is selected, the payment is processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as "SOFORT"), to which we will disclose your information communicated during the ordering process in addition to the information about your order in accordance with Art. lit 6 para. 1,. b Pass on GDPR. Sofort GmbH is part of the Klarna Group ( Klarna Bank AB ( publ ), Sveavägen46, 11134 Stockholm, Sweden). The transfer of your data is exclusively for the purpose of processing payments with the payment service provider SOFORT and only insofar as it is necessary for this. Further information about the privacy policy of SOFORT can be found at the following Internet address: https://www.klarna.com/sofort/datenschutz

You can object to the storage and use of your data for this purpose at any time by a message to the service provider .

 

(4)   Amazon Pay

If you choose the "Amazon Pay" payment method, payment will be processed via the payment service provider Amazon Payments Europe sca ., 5 Rue Plaetis , L-2338 Luxembourg ("Amazon Payments "), to which we will disclose your information communicated during the ordering process lit information about your order in accordance with Art. 6 para. 1,. b Pass on GDPR. The transfer of your data takes place exclusively for the purpose of the payment transaction with the payment service Amazon Payments and only insofar as it is necessary for this. For more information about Amazon Payments' privacy policy, visit the following Internet address : https://pay.amazon.com/help/201751600

You can object to the storage and use of your data for this purpose at any time by a message to the service provider .

 

2.       Legal basis for the processing of personal data

 

The legal basis for the transfer of users' personal data is Art.   6 para.   1 lit. f GDPR.

 

 

XI.                Rights of the person concerned

 

If personal data is processed by you, you are iSd concerned . GDPR and you have the following rights to the person responsible:

 

1.          right to be informed

 

You may ask the person in charge to confirm if personal data concerning you is processed by us.

If such processing is available, you can request information from the person responsible about the following information:

 

(1) the purposes for which the personal data are processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom the personal data                        relating to you have been disclosed or are still being disclosed;

(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the source of the data if the personal data are not collected from the data subject;

(8) the existence of automated decision making including profiling according to Art.   22 para.   1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved, as well as the scope and intended impact of such processing on the data subject.

 

You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with. Art.   46 GDPR in connection with the transmission to be informed.

 

2.          Right to rectification

 

You have a right to rectification and / or completion to the controller, if the personal data you process is incorrect or incomplete. The responsible person must make the correction without delay.

 

3.          Right to restriction of processing

 

You may request the restriction of the processing of your personal data under the following conditions:

 

(1) if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;

(2) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;

(3) the controller no longer requires personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

(4) if you object to the processing in accordance with Art.   21 para.   1 GDPR have been inserted and not yet fixed is whether the legitimate reasons of the person responsible outweigh your reasons.

 

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, the person responsible will inform you before the restriction is lifted.

 

4.          Right to delete

 

a)         deletion obligations

 

You can ask the person responsible that the personal data concerning you will be immediately deleted, and the manager is obligated to delete that information immediately, unless one of the following reasons applies:

 

(1) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent to the processing gem. Art.   6 para.   1 lit.   a or kind.   9 para.   2 lit.   a GDPR supported, and there is a lack of otherwise legal basis for the processing.

(3) You gem gem. Art.   21 para.   1 GDPR objection to the processing and there are no prior justifiable reasons for processing, or you lay gem. Art.   21 para.   2 GDPR objection to the processing.

(4) Your personal data has been processed unlawfully.

(5) The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) Your personal data relating to information society services provided in accordance with Art.   8 para.   1 GDPR levied.

 

b)         Information to third parties

 

If the person in charge has made the personal data concerning you public and is acc. Art.   17 para.   1 GDPR committed to their deletion, it takes appropriate measures, including technical means, to inform data controllers who process the personal data, taking into account the technology available and the implementation costs, that you as the data subject of the deletion all links to these personal data or copies or replications of personal data requires ha ben.

 

c)         exceptions

 

The right to erasure does not exist if the processing is necessary

 

(1) to exercise the right to freedom of expression and information;

(2) to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the controller;

(3) for reasons of public interest in the field of public health according to Art.   9 para.   2 lit.   h and i as well as Art.   9 para.   3 GDPR ;

(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Art.   89 para.   1 GDPR , insofar as the law referred to in section a) is likely to render impossible or seriously affect the achievement of the objectives of this processing, or

(5) to assert, exercise or defend legal claims.

 

5.          Right to information

 

If you have the right of rectification, erasure or restriction of processing to the controller, he / she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort.

You have a right to the person responsible to be informed about these recipients.

 

6.         Right to data portability

 

They have the right to receive the personal information that you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that

 

(1) the processing on a consent acc. Art.   6 para.   1 lit.   a GDPR or Art.   9 para.   2 lit.   a GDPR or on a contract acc. Art.   6 para.   1 lit.   b GDPR is based and

(2) the processing is done using automated procedures.

In exercising this right, you have also to obtain that your personal data shall be transmitted directly from one another responsible person responsible, to the extent technically feasible the right. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

 

7.          right of objection

 

You have the right at any time, for reasons that arise from your particular situation, to prevent the processing of your personal data, which, pursuant to Art.   6 para.   1 lit.   e or f GDPR takes an objection; this also applies to profiling based on these provisions .

The controller will no longer process the personal data relating to you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out through automated procedures that use technical specifications.

 

8.          Right to revoke the data protection consent declaration

 

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

 

9.          Automated decision in the case including profiling

 

You have the right, not one solely on automated processing - to be subject-based decision, the will unfold over rec htliche effect or S he gets serious in a similar way - including profiling. This does not apply if the decision

 

(1) is required for the conclusion or performance of a contract between you and the controller,

(2) is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or

(3) with your express consent.

 

However, these decisions may not apply to specific categories of personal data under Art.   9 para.   1 GDPR , unless Art.   9 para.   2 lit.   a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3) , the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.

 

10.      Right to complain to a supervisory authority

 

Notwithstanding an otherwise administrative or legal proceedings, you have the right to appeal to an oversight authority, in particular in the Member State of their residence, their place of work or the location of the alleged violation to if you are of the opinion that the processing of personal data concerning against the GDPR violates.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy by type.   78 GDPR .