Data Privacy Statement in accordance with the GDPR

Name and address of the responsible body

The responsible body within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:


Markus Temming GmbH
An der Manufaktur 1
33334 Gütersloh
Germany
Tel.: +49 (0) 5241. 74343-0
Email: datenschutz@markus-t.com
Website: www.markus-t.com

Name and address of the data protection officer

The Data Protection Officer for the responsible body is:

Markus Weuthen
EU-CON BeraterForum GmbH
Waldfeuchter Str. 266
52525 Heinsberg
Germany
Tel.: +49 (0) 2452 - 99 33 11                                   
Email: datenschutz@markus-t.com
Website: https://www.eu-con.de

 

General information on data processing

Scope of personal data processing

We only process the personal data of our users insofar as this is required for the provision of a functional website and of our content and services. The processing of the personal data of our users only takes place regularly with the consent of the user. An exception is made in cases in which it is not possible to obtain prior consent for practical reasons and the data processing is permitted by legal provisions.

Legal basis for the processing of personal data

Insofar as we obtain consent from the person concerned for personal data processing operations, Art. 6 para. 1 letter a of the EU General Data Protection Regulation (GDPR) serves as the legal basis. Art. 6 para. 1 letter b GDPR serves as the legal basis for personal data processing that is necessary for the fulfilment of a contract to which the person concerned is a contracting party. This also applies to processing operations that are required for the execution of pre-contractual measures. Insofar as personal data processing is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 letter c GDPR serves as the legal basis. In the event that the vital interests of the person concerned or another natural person require the processing of personal data, Art. 6 para. 1 letter d GDPR serves as the legal basis. If the processing is required to preserve the legitimate interests of our company or of a third party and the interests, basic rights and basic freedoms of the person concerned do not outweigh the interests of the former, then Art. 6 para. 1 letter f GDPR serves as the legal basis for processing.

Data deletion and storage period

The personal data of the person concerned is deleted or blocked as soon as the purpose for storage ceases to apply. The data may continue to be stored if this is provided for by European or national legislators through directives, laws or other provisions which apply to the responsible body. The data is also blocked or deleted upon the expiry of a retention period as stipulated by the standards mentioned, unless it is necessary to continue to store the data for the purpose of concluding or fulfilling a contract.

 

Transmission to third-party countries

If we process data in a third-party country (i.e., outside of the European Union (EU) or the European Economic Area (EEA)), or if this occurs during the use of services provided by third parties or the disclosure or transmission of data to third parties, this shall only happen if it serves to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual agreements, we shall only process or allow data to be processed in a third-party country under the specific conditions stated in Art. 44 et seq. GDPR. This means that the processing is carried out, e.g., on the basis of special guarantees such as the officially recognised determination of a data protection level corresponding with that of the EU (e.g., the “Privacy Shield” for the USA) or to observe officially recognised special contractual obligations (so-called “standard contractual clauses”).


Provision of the website and generation of log files

Description and scope of data processing

Each time our website is opened, our system automatically collects data and information from the computer system of the visiting computer.  The following data is collected:


(1) Information on the browser type and version used  


(2) The user’s operating system


(3) The user’s IP address


(4) Date and time of access


(5) Websites from which the user’s system arrived on our website   


(6) Websites that are accessed by the user’s system via our website


The data is stored in our system’s log files. This data is not stored with other pieces of the user's personal data.


Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 letter f GDPR.


Purpose of data processing

The temporary storage of the IP address by the system is necessary in order to deliver the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage of data in log files takes place in order to ensure the functionality of the website. Furthermore, the data allows us to optimise the website and to ensure the security of our information technology system. The data is not evaluated for marketing purposes in this context. These purposes also constitute our legitimate interest in processing data in accordance with Art. 6 para. 1 letter f GDPR.


Duration of storage

The data is deleted as soon as it is no longer required in order to fulfil the purpose for which it was collected. In the event of data collection in order to provide the website, the data is deleted when the session ends. In the event of data storage in log files, this data is deleted after seven days at the latest. It is possible that data may continue to be stored. In this case, the IP addresses of the users are deleted or distorted so that they can no longer be allocated to the client visiting.


Possibility of objection and disposal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Therefore, the user does not have the option to object.


Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (”Google”). Google Analytics uses so-called “cookies”, text files which are stored on your computer and enable the analysis of your use of the website. The information on your use of this website generated by the cookies (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activities for the website operator and to provide further services associated with use of the website and the Internet. If necessary, Google will also transmit this information to third parties if this is required by law or if third parties process this data on behalf of Google. In no event shall Google connect your IP address with other Google data. You can prevent the installation of cookies by changing the corresponding settings of your browser software; however, please note that, in this case, you may not be able to use all of the functions of this website in full. By using this website, you agree to Google processing the data collected about you  in the manner described previously and for the purpose set out above. You can also prevent Google from collecting the data relating to your use of the website (incl. your IP address) that is generated by the cookie as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en). You can prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie will be installed which prevents the future collection of your data when visiting this website:


Deactivate Google Analytics


More information on the terms of use and on data protection. Please note that Google Analytics has been extended by the code “gat._anonymizeIp();” on this website in order to ensure the anonymous collection of IP addresses (known as IP masking).


Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files which are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive string of characters that enables the browser to be clearly identified when a user visits the website again. We use cookies in order to make our website more user-friendly. Some elements of our website require that the browser visiting the website can also be identified after leaving the page. The cookies hold and transmit data that relates to navigation of the website. We also use cookies on our website that enable the analysis of a user's browsing behaviour.


The following data may be transmitted in this manner:


(1) Frequency of visits to the website


(2) Use of website functions


The user data collected in this manner is pseudonymised through technical measures. It is therefore no longer possible to assign data to the user visiting. The data is not stored with other pieces of the user's personal data. Upon opening our website, users are informed of the use of cookies for analysis purposes by an information banner and are referred to this data privacy statement. In this context, we also provide information on how the storage of cookies can be prevented in your browser settings. When opening our website, the user is informed of the use of cookies for analysis purposes and their consent to processing the personal data used in this context is obtained. In this context, reference is also made to this data privacy statement.


Legal basis for data processing

The legal basis for personal data processing using cookies is Art. 6 para. 1 letter f GDPR.


Purpose of data processing

The purpose of applying cookies that are technically necessary is to simplify the use of websites for users. Some of the functions of our website cannot be provided without the use of cookies. For these functions, it is necessary that the browser be recognised even after the user has left the page. We require cookies that relate to navigation of the website. The user data collected through cookies that are technically necessary is not used to create user profiles. Analysis cookies are used for the purpose of improving the quality of our website and its content. We can learn from the analysis cookies how the website is used, which allows us to continuously optimise our service. These purposes also constitute our legitimate interest in processing personal data in accordance with Art. 6 para. 1 letter f GDPR.


Storage period, possibility of objection and disposal

Cookies are stored on the user’s computer and transmitted from there to our site. Therefore, the user also has full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also happen automatically. If cookies are deactivated for our website, you may no longer be able to use all of the functions of the website in full.


Newsletter

Description and scope of data processing

If you purchase goods or services on our website and thereby disclose your email address, we may subsequently use this for the purposes of sending a newsletter. In such a case, only direct advertising for similar goods or services is sent via the newsletter. Data is not transmitted to third parties in connection with data processing for the dispatch of newsletters. The data is used exclusively to send the newsletter. The newsletter is sent via the dispatch service “MailChimp”, a newsletter dispatch platform by the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection provisions of the dispatch service provider can be found here:https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and therefore provides a guarantee to observe the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The dispatch service provider is engaged on the basis of our legitimate interests in accordance with Art. 6 para. 1 letter. f GDPR and a contract for data processing in accordance with Art. 28 para. 3 sentence 1 GDPR. The dispatch service provider may use the recipient’s data in a pseudonymous form, meaning that it cannot be assigned to a user, for the optimisation or improvement of their own services, e.g., to optimise the dispatch and display of the newsletter or for statistical purposes. However, the dispatch service provider shall not use the data of those receiving our newsletter to write to them themselves or to share the data with third parties.


Legal basis for data processing

The legal basis for sending the newsletter after the purchase of goods or services is Section 7 para. 3 of the Unfair Competition Act (UWG).


Purpose of data processing

The collection of the user’s email address serves the purpose of delivering the newsletter.


Duration of storage

The data is deleted as soon as it is no longer required in order to fulfil the purpose for which it was collected. The user’s email address is then stored for as long as the newsletter subscription remains active.


Possibility of objection and disposal

The subscription to the newsletter can be terminated by the user concerned at any time. In this respect, a link can be found in each newsletter.


Social media

We maintain an online presence within social networks and platforms in order to communicate with the customers, potential customers and users that are active on these platforms, and to be able to provide them with information on our services there. When visiting each network or platform, the respective operator’s terms and conditions and data processing guidelines apply. Unless otherwise stated in our Privacy Policy, we process the user's data if the user communicates with us within the social networks and platforms, e.g. posting on our social network pages or sending us messages.

Integration of services and content provided by third parties

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our website within the meaning of Art. 6 para. 1 letter f GDPR), we use third-party content or service products within our website in order to integrate their content and services, e.g. videos or fonts (hereinafter referred to jointly as “content”). This always requires that the third-party content provider be able to detect the user’s IP address, as they cannot send the content to the browser without the IP address. The IP address is required for the display of this content. We endeavour to only use content for which the respective provider only uses the IP address in order to deliver such content. Third-party providers may also use so-called pixel tags (invisible graphics also known as “web beacons”) for statistical or marketing purposes. Information, e.g. visitor traffic on the pages of this website, can be evaluated through the “pixel tags”. The pseudonymous information can also be stored in cookies on the user’s devices and contains, among other things, technical information on the browser and operating system, referral websites, the time of the visit and other information on the use of our website, as well as being linked with such information from other sources.

YouTube

We integrate videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.


Google Maps

We integrate maps from the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed can include, in particular, users' IP addresses and location data, which is, however, not collected without their consent (normally performed via the settings of their mobile device). The data may be processed in the USA. Privacy policy:https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Use of Facebook social plug-ins

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our website within the meaning of Art. 6 para. 1 letter f GDPR), we use social plug-ins (”plug-ins”) provided by the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plug-ins can display interactive elements or content (e.g., videos, graphics or text posts) and can be recognised by one of the Facebook logos (white “f” on a blue tile, the terms, “Like”, “You like this” or a “thumbs up” symbol) or are labelled with the phrase “Facebook social plug-in”. The list and appearance of Facebook social plug-ins can be viewed here: https://developers.facebook.com/docs/plugins. Facebook is certified under the Privacy Shield Agreement and thereby offers a guarantee to observe European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). If a user requests a function of this website that contains such a plug-in, their device shall establish a direct connection with the Facebook servers. The content of the plug-in is directly transmitted from Facebook to the user’s device and integrated by the device into the website. A usage profile for the user can be generated using the data processed. We have no influence on the scope of data that Facebook collects using this plug-in and therefore provide information to the user in accordance with our level of knowledge. Through the connection provided by the plug-in, Facebook receives information that a user has opened the corresponding page of the website. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. If the user interacts with the plug-ins, for example, pressing the Like button or leaving a comment, the corresponding information is directly transmitted from their device to Facebook and stored there. If a user is not a member of Facebook, it is still possible that Facebook may find out and store their IP address. According to Facebook, in Germany, only anonymous IP addresses are stored. The purpose and scope of data collection and the further processing and use of data by Facebook, as well as the associated rights and possibilities for changing the settings to protect the user’s private life, can be found in the Facebook data protection notice: https://www.facebook.com/about/privacy/. If a user is a Facebook member and does not want Facebook to collect data about them via this website and link this with their member data that is stored with Facebook, they must log out of Facebook and delete their cookies before using our website. It is possible to make more adjustments to settings and object to the use of data for advertising purposes within your Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the American (US) website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings can be changed regardless of the platform, meaning that they are applied across all devices, such as your desktop computer or mobile devices.

Twitter

Functions and content of the Twitter service, provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, may be integrated into our website. This may include, for example, content such as images, videos or text and buttons with which the user can share that they like the content or subscribe to the authors of content or our posts. If the user is a member of the Twitter platform, Twitter may assign the use of the aforementioned content and functions to the user profile there. Twitter is certified under the Privacy Shield Agreement and thereby offers a guarantee to observe European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). Privacy Policy:: https://twitter.com/en/privacy, Opt-out: https://twitter.com/personalization.

Instagram

Functions and content of the Instagram service, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated into our website. This may include, for example, content such as images, videos or text and buttons with which the user may share that they like the content and subscribe to the authors of content or our posts. If the user is a member of the Instagram platform, Instagram may assign the use of the aforementioned content and functions to the user profile there. Instagram Privacy Policy: http://instagram.com/about/legal/privacy/.

Pinterest

Functions and content of the Pinterest service, provided by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA, may be integrated into our website. This may include, for example content such as images, videos or text and buttons with which the user may share that they like the content and subscribe to the authors of content or our posts. If the user is a member of the Pinterest platform, Pinterest may assign the use of the aforementioned content and functions to the user profile there. Pinterest Privacy Policy: https://about.pinterest.com/en/privacy-policy

Contact form and email contact

Description and scope of data processing

There is a contact form available on our website (https://www.markus-t.com/en/service/warranty-extension) which can be used to contact us electronically. If this option is used, the data entered into the input screen is transmitted to us and stored. This data comprises:


- Address


- Title


- First name, surname


- Street, house number


- Post code, country


- Email address of the owner of the glasses


- Date of purchase


- Serial number of the glasses


- Optional: Optician’s email address


At the point of sending the message, the data and time of entry is also stored. Your consent will be obtained for the processing of data within the dispatch process and you will be referred to this data privacy statement in this context. Alternatively, you may contact us via the email address provided. In this case, the user’s personal data that is transmitted with the email is stored. The data is not transmitted to third parties in this context. The data is used exclusively to process the conversation.

Legal basis for data processing

The legal basis for data processing with the user’s consent is Art. 6 para.1 letter a GDPR. The legal basis for the processing of data that is transmitted in the course of sending an email is Art. 6 para. 1 letter f GDPR. If contact is made by email contact for the purposes of concluding a contract, the additional legal basis for processing is Art. 6 para. 1 letter b GDPR.

Purpose of data processing

The processing of personal data from an input screen serves only to process the type of contact that has been made. In the case of contact being made by email, this also constitutes the required legitimate interest in data processing. The other personal data processed during the dispatch process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data is deleted as soon as it is no longer required in order to fulfil the purpose for which it was collected. For personal data from the contact form input screen and data which is transmitted via email, this applies when the conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved. The additional personal data collected during the dispatch process is deleted after a period of seven days at the latest.

Possibility of objection and disposal

The user has the option to revoke their consent to processing personal data at any time. If the user contacts us via email, they may object to the storage of their personal data at any time. In such a case, the conversation may not be pursued. All personal data that was stored in the course of making contact is deleted in this case.

Rights of the person concerned

If your personal data is processed, you are the person concerned within the meaning of the GDPR and you have the following rights in respect of the responsible body:

Right to information

You may request confirmation from the responsible body as to whether we process personal data that relates to you. If such processing takes place, you may request information from the responsible body regarding the following:


(1) The purposes for which the personal data is processed;


(2) The categories of personal data that is processed;


(3) The recipients or categories of recipients to whom the personal data concerning you has been disclosed or will be disclosed ;


(4) The planned duration of storage of the personal data concerning you or, if specific information on this cannot be provided, criteria for the determination of the storage period;


(5) The existence of a right to amendment or deletion of the personal data concerning you, a right to the restriction of data by the responsible body or a right to object to this processing;


(6) The existence of a right to file a complaint with a regulatory authority;


(7) All information available regarding the origin of the data if the personal data was not collected from the person concerned;


(8) The existence of an automatic decision-making processing, including profiling, in accordance with Art. 22 paras. 1 and 4 GDPR and - at least in these cases - details regarding the logic applied as well as the implications and desired effects of such processing on the person concerned.

You have the right to request information as to whether the personal data concerning you is being transmitted to a third-party country or to an international organisation. In this context, you may request information on the suitable guarantees in place in accordance with Art. 46 GDPR in connection with the transmission.

Right to amendment

You have a right against the person responsible to the amendment and/or completion of data if the personal data processed that concerns you is incorrect or incomplete. The responsible body must make the amendment promptly.

Right to restriction of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted:


(1) If you have contested the accuracy of the personal data concerning you for a period that allows the responsible body to review the accuracy of the personal data;


(2) If the processing is unlawful and you reject the deletion of the personal data, requesting the restriction of the use of personal data instead;


(3) If the responsible body no longer requires the personal data for the purposes of the processing, but requires it for the assertion, exercise or defence of legal claims, or


(4) If you have filed an objection against the processing in accordance with Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate grounds of the responsible body outweigh your grounds.


If the processing of the personal data concerning you has been restricted, this data may only be processed - other than for storage - with your consent or for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of significant public interest of the European Union or a Member State. If the restriction of processing has been repealed due to the aforementioned conditions, you shall be informed by the responsible body before the restriction is lifted.

Right to deletion

Obligation to delete

You may request from the responsible body that the personal data concerning you is deleted promptly and the responsible body is obliged to delete the data promptly if any of the following apply:


(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or processed in any other way.


(2) You revoke the consent on which the processing was based in accordance with Art. 6 para. 1 letter a or Art. 9 para. 2 letter a GDPR and there is no other legal basis for the processing.


(3) You file an objection against the processing in accordance with Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or if you file an objection against the processing in accordance with Art 21 para. 2 GDPR.


(4) The personal data concerning you has been unlawfully processed.


(5) The deletion of the personal data concerning you is required in order to fulfil a legal obligation in accordance with European Union law or the law of the Member States which apply to the responsible body.


(6) The personal data concerning you has been collected with regard to information society services offered in accordance with Art. 8 para. 1 GDPR.

Information to third parties

If the responsible body has made personal data concerning you public and is obliged to ensure its deletion in accordance with Art. 17 para. 1 GDPR, they shall take appropriate measures, under consideration of the technology available and the costs of implementation, including measures of a technical nature, to inform the body responsible for processing the personal data that you, as the person concerned, have requested that they delete all links to this personal data and copies or replications of this personal data.

Exceptions

The right to deletion does not apply if the processing is necessary


(1) In order to exercise the right to free expression and information;


(2) In order to fulfil a legal obligation that requires the processing in accordance with European Union law or the law of Member States which applies to the responsible body, or to carry out a task that is in the public interest or connected with the exercise of official authority which has been assigned to the responsible body;


(3) For reasons of public interest in the area of public health in accordance with Art. 9 para. 2 letter h and i as well as Art. 9 para. 3 GDPR.


(4) For archiving purposes, for scientific or historic research purposes or for statistical purposes in the public interest in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in Section a) is likely to make it impossible to the achieve the goals of this processing or seriously impair the achievement of such goals, or


(5) To assert, exercise or defend legal claims.

Right to information

If you have asserted the right to amendment, deletion or restriction of processing against the responsible body, they are obligated to inform all recipients of the personal data concerning you of this amendment or deletion of data or the restriction of processing unless this proves impossible or implies a disproportionate amount of effort. You have the right to be informed of these recipients by the responsible body.


Right to data portability

You have the right to receive the personal data concerning you that you have provided to the responsible body in a structured, accessible and machine-readable format. Furthermore, you have the right to transmit this data to another responsible body without obstruction by the responsible body to which the personal data was provided, insofar as


(1) The processing was based on consent in accordance with Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or based on a contract in accordance with Art. 6 para. 1 letter b GDPR and


(2) The processing takes place using automatic processes.


In exercising this right, you also have the right to have the personal data concerning you directly transmitted from one responsible body to another responsible body, provided that this is technically feasible. The freedoms and rights of other persons may not be impaired by this. The right to data portability does not apply to personal data processing that is necessary in order to carry out a task, that is in the public interest or is connected with the exercise of official authority which has been assigned to the responsible body.

Right to object

You have the right, for reasons which arise from your particular situation, to file an objection against the processing of personal data concerning you that occurs on the basis of Art. 6 para. 1 letter e or f DGPR at any time; this also applies to profiling based on these provisions. The responsible body shall no longer process the personal data concerning you unless they can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or if the processing is required for the assertion, exercise or defence of legal claims. If the personal data concerning you is processed in order to carry out direct advertising, you have the right to file an objection against the processing of personal data concerning you for the purposes of such advertising at any time; this also applies to profiling if this is in connection with such direct advertising. If you object to processing for purposes of direct advertising, the personal data concerning you shall no longer be processed for these purposes. In connection with the use of information society services, irrespective of Directive 2002/58/EC, you have the option to exercise your right to object using automatic processes, for which technical specifications are used.

Right to revoke the declaration of consent in accordance with data protection regulations

You have the right to revoke your consent that had been given in accordance with data protection law at any time. By revoking consent, the legality of the processing carried out until the point of revocation remains unaffected.
Automatic decision-making on a case-by-case basis, including profiling
You have the right not to be subjected to a decision based solely on automatic processing - including profiling - that will have a legal effect on you or that significantly affects you in a similar manner. This does not apply if the decision is


(1) Necessary for the conclusion or fulfilment of a contract between you and the responsible body,


(2) Permissible on the basis of European Union legislation, or that of Member States which apply to the responsible body, and this legislation contains suitable measures to protect your rights and freedoms as well as your legitimate interests or


(3) Made with your express consent.


Nevertheless, these decisions may not be based on specific categories of personal data in accordance with Art. 9 para. 1 GDPR, provided that Art. 9 para. 2 letter a or g GDPR do not apply and suitable measures have been taken to protect rights and freedoms as well as your legitimate interests. Regarding the cases mentioned in (1) and (3), the responsible body shall take suitable measures to safeguard your rights and freedoms as well as your legitimate interests, including the right to have someone intervene on the part of the responsible body, the right to present your opinion and the right to contest the decision as a minimum.

Right to file a complaint with a regulatory authority

Regardless of any other administrative or judicial remedy, you have the right to file a complaint with a regulatory authority, particularly in the Member State in which you reside or work or in the Member State in which the suspected breach occurred if you believe that the processing of personal data concerning you breaches GDPR. The regulatory authority to which the complaint has been filed shall inform the complainant of the status and the results of the complaint, including the possibility of judicial remedy in accordance with Art. 78 GDPR.