Skip to content

Data Protection Declaration

As a visitor to our website (hereinafter also referred to as “user”), we would like to inform you about the processing of personal data in the context of the usage of our websites. “Personal data” means any information relating to an identified or identifiable natural person ( hereinafter also referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

I. Name and address of the controller


The controller of these websites, according to the General Data Protection Regulation (GDPR), other national data protection laws of the Member States and other data protection provisions, is:

Systrion AG
Flughafenstraße 52
22335 Hamburg
Germany

 

+49 (0)40 55 61 94 0
info@systrion.com

 

II. Address of the data protection officer


We are not obliged to appoint a data protection officer.

 

 

III. General information about data processing
Scope of the processing of personal data


In principle, we only process personal data of our users insofar as this is necessary in order to provide a functional website, as well as our content and services. Personal data are above all those data that allow for you to be personally identified.

 

General legal basis for the processing of personal data
Art.6 (1) (b) of the GDPR serves as legal basis for the processing of personal data, which is necessary for the performance of a contract to which the data subject is party. The same applies to the processing operations that are necessary in order to take steps prior to entering into a contract.

Art. 6 (1) (c) of the GDPR serves as legal basis insofar as a processing of personal data is necessary for compliance with a legal obligation to which our company is subject.

Art. 6 (1) (f) of the GDPR serves as legal basis for the processing if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. 

Art. 6 (1) (a) of the GDPR serves as legal basis insofar as we seek the consent of the data subject for processing operations of personal data.

General data erasure and general storage period
As soon as the purpose of the storage ceases to exist, the personal data of the data subject are erased or blocked. Beyond that, storage is permissible and possible if this is provided for by the European or national legislator in Union law regulations, laws or other provisions to which the controller is subject. Data is also blocked or erased when a storage period stipulated by the above-mentioned norms expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

Encryption
To protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL / TLS encryption.  An encrypted connection can be recognised by the character string “https://” and the lock symbol in your browser line.

 

IV. Provision of the website and log files

 

Description and scope of the data processing
With every visit to our website, even if you do not otherwise submit information, data and information is automatically collected by the computer system of the calling computer.

The following data, which are necessary for the technical operation of our website, are collected in the process:

  • The operating system used by the calling computer/device
  • Information about the browser version, supported browser technology, screen resolution, colour depth and language of the calling computer/device
  • The internet service provider of the user
  • Transmitted data volume
  • Date and time at the time of access
  • Websites via which the user arrives at  our website (URL)
  • Websites that are accessed by the system of the user via our website
  • The sub-websites that are called up via an accessing system on our website
  • The type and manufacturer of the device and browser used, e.g. “Apple iPhone 8 & Safari”
  • The IP address of the calling computer/device

The data are stored in log files in our system. These data are not stored together with other personal data of the user.

Legal basis for the data processing
Art. 6 (1) (f) of the GDPR is the legal basis for the temporary storage of the data and the log files.

Purpose of data processing
It is necessary for the system to temporarily store the IP address in order to enable a delivery of the website to the user’s computer.
To this end, the user’s IP address has to be stored for the duration of the session.

The storage in log files takes place in order to ensure the functionality of the website. In addition, the data are used to optimise the website and to ensure the security of our information technology systems. The data are not analysed for marketing purposes in this context.

These purposes also constitute our legitimate interest in the data processing pursuant to Art. 6 (1) (f) of the GDPR. Further interests are the stable and functional operation of this website, as well as achieving the objectives of protecting the confidentiality, integrity and availability of the data.

Duration of storage
The data are erased as soon as they are no longer necessary in order to fulfil the purpose of their collection. If the data is collected for the provision of the website, this is the case when the relevant session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In such a case, the IP addresses of the users are deleted or altered so that an association with the calling client is no longer possible.

Possibility of objection and erasure
The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

 

V. Use of cookies


Description and scope of the data processing
Our website uses cookies. Cookies are small text files, that are also saved on the computer system of the user (terminal device) via your browser. When a user accesses a website, a cookie can be saved in the operating system of the user. This cookie contains a characteristic string of text (cookie ID) through which web pages and servers can be associated with the specific internet browser that the cookie was saved in. This enables the visited web pages and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. In this way, the cookie enables a clear identification of the browser when the website is visited (again).

 

We use cookies in order to design our website in a more user-friendly way and to enable certain functions.

On the one hand, we use so-called session cookies that are automatically deleted by your browser immediately after the end of the visit.

In the context of web analysis, on the other hand, we also use persistent cookies, which allow us to recognise your browser on your next visit, for instance in order to remember information that you provided during your last visit for your subsequent visit to our website.

The following data, inter alia, are saved and transmitted in the cookies: Visitor ID, language, screen resolution

Insofar as we use cookies that enable an analysis of the users’ surfing habits, the following data can also be transmitted: Use of website functions such as selection of business area, registration/log in and shopping cart.

In addition, we work with (advertising) partners, who help us optimise our internet offer for you and make it more interesting. For this purpose, cookies from partner companies are also saved on your hard disk when you visit our website (third-party cookies). 

Insofar as we cooperate with such advertising partners, you will be informed hereinafter about the use of such cookies and the scope of the information collected in each case.

Legal basis for the data processing
Should personal data be processed through cookies that we implemented, the processing takes place either for the performance of the contract pursuant to Art. 6 (1) (b) of the GDPR, or pursuant to Art. 6 (1) (f) of the GDPR for the purpose of our legitimate interests in the best possible functionality of the website, as well as a client-friendly and effective design of the site visit.

Purpose of data processing
The purpose of the use of technically necessary cookies is to simplify the usage of websites for the users. Some functions of our website cannot be offered without the use of cookies, as they require the browser to be recognised even after a page is changed.

The user data collected by technically necessary cookies are not used for the creation of user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its content. Analysis cookies allow us to find out how the website it used and hence to optimise our offer continuously.

These purposes constitute our legitimate interest in the processing of personal data pursuant to Art. 6 (1) (f) of the GDPR.

Duration of storage, possibility of objection and erasure
Cookies are stored on the computer of the user, from which they are transmitted to our site. As a user, you hence have full control over the use of cookies.
 You can deactivate or limit the transmission of cookies by changing the settings in your internet browser.

The possibilities of managing cookie settings vary depending on the type of browser used. A description can usually be found in the help menu of every browser, which provides instructions on how to change your cookie settings. Below you can find a compilation of links to the individual browsers:

Internet Explorer

Firefox

Chrome

Safari

Opera

Even cookies that have already been stored can be deleted at any time. This can also be automated. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
The transmission of possible flash cookies cannot be prevented through the browser settings, but by changing the settings of the Flash Player.

 

VI. Contact


Description and scope of data processing
On our website contact can be established via the e-mail address provided. In this case, the user’s personal data transmitted in the e-mail are stored.

 

There is no data transfer to third parties in this context. The data are used exclusively for the processing of the conversation.

Legal basis for the data processing
Art. 6 (1) (f) of the GDPR is the legal basis for the processing of the data that are transmitted in the course of sending an e-mail. Art. 6 (1) (b) of the GDPR is an additional legal basis for the processing if the e-mail contact aims at concluding a contract.

Purpose of data processing
The processing of the personal data from the input mask serves the sole purpose of handling the established contact. In the case that contact is established via e-mail this also constitutes the necessary legitimate interest in the processing of the data.

Other personal data processed during the sending process serve the purpose of preventing a misuse of the contact form and ensuring the security of our information technology systems.

Duration of storage
The data are erased as soon as they are no longer necessary in order to fulfil the purpose of their collection. For the personal data from the input mask of the contact form and those sent via e-mail, this is the case when the respective contact with the user has ended and the erasure is not prevented by any statutory retention obligations.  The contact has ended if it can be concluded from the circumstances that the issue in question has been resolved.

The additional personal data collected during the sending process are erased after a period of seven days at the latest.

Possibility of objection and erasure
If a user contacts us via e-mail, he can object to the storage of his personal data at any time. In such a case, the communication with you cannot be continued. All personal data that were stored in the course of the establishment of contact will be erased in this case.

 

VII. HubSpot

 

This website uses HubSpot, a software of HubSpot Inc. HubSpot is a software company from the USA with a branch in Ireland (HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500). This software is used in the area of inbound marketing and helps us by means of statistical analysis and evaluation of logged user behavior, to better coordinate our marketing strategy, based on stored IP addresses. Cookies (see „IV. Cookies“) are used.

This data processing is based on Art. 6 (1) (1) lit. a) GDPR and § 25 (1) TTDSG, insofar as the consent within the meaning of the TTDSG relates to the setting of cookies or access to information on your terminal device. You have the right to revoke your consent at any time with effect for the future. The legality of the data processing until the revocation remains unaffected.

Data transfer to the U.S. is based on the EU standard contractual clauses, details of which can be found here („Hubspot Data Processing Agreement“): https://legal.hubspot.com/dpa. For more information, please refer to the Terms of Use and Privacy Policy of HubSpot Inc. accordingly at: https://legal.hubspot.com/terms-of-service and at https://legal.hubspot.com/privacy-policy.

 

VIII. Newsletter


Description and scope of data processing

Our website offers the possibility of subscribing to a free newsletter.

 

The registration takes place via the so-called double opt-in procedure. This means that we will only send you an e-mail newsletter if you have previously expressly confirmed that you consent to the sending of newsletters. To do so, we will send you a confirmation e-mail after you registered, in which you are requested to confirm that you wish to receive newsletters in the future by clicking on a corresponding link in the e-mail (“double opt-in”).

Only your e-mail address, name and Company name (optional) will be requested when you sign up for the newsletter. The provision of possible further data, such as title, name, and surname, is voluntary and takes place in order to be able to address you personally.

Moreover, the following additional data are collected during registration:

  • IP address of the calling computer
  • Date and time of registration

There is no data transfer to third parties in connection with the data processing for the sending of newsletters. The data are used exclusively for the sending of the newsletter.

Legal basis for the data processing
If the consent of the user has been obtained, the legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 (1) (a) of the GDPR.

The legal basis for the sending of the newsletter as a result of your use of services is §7 (3) of the UWG (the German Act Against Unfair Competition). In this respect, the processing of data takes place solely on the basis of our legitimate interest in personalised direct advertising in accordance with Art. 6 (1) (f) of the GDPR.

Purpose of data processing
The collection of the user’s e-mail address serves the purpose of delivering the newsletter.

The collection of other personal data in the framework of the registration process serves the purpose of preventing a misuse of the services or of the e-mail address used.

Duration of storage
The data are erased as soon as they are no longer necessary in order to fulfil the purpose of their collection. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.

The other personal data collected in the framework of the registration process are usually erased after a period of seven days.

Possibility of objection and erasure
The subscription to the newsletter can be cancelled at any time by the user concerned, with effect for the future. For this purpose every newsletter contains a corresponding link; alternatively you can also send a message to the above-mentioned controller. To do so, you will solely incur transmission costs according to the basic rates.

This also enables a revocation of the consent to storage of the personal data collected during the registration process.

After successful cancellation, your e-mail address will immediately be deleted from our newsletter mailing list, unless you expressly consented to a further use of your data, or unless we reserve the right to a further use of data which is permitted by law and of which we inform you in this declaration. In the latter case, your e-mail address will be blocked for the newsletter.

Sending via MailChimp

Our e-mail newsletter is sent with the help of the technical service provider

The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA („MailChimp“). MailChimp is certified for the EU-US data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.

We therefore pass the data collected during your registration for the newsletter on to MailChimp. These data are transmitted to a MailChimp server in the USA and stored there.

MailChimp uses this information primarily for the sending of the newsletters, but also for statistical evaluation on our behalf. In order to be able to perform an analysis, the e-mails contain so-called tracking pixels or web beacons. These are small graphic images (single-pixel image files) that are stored on our website. It is thus possible to determine whether a newsletter message was opened and which links the recipient may have clicked on. In addition, further technical information is collected, such as the IP address, the time of access, the browser type or your operating system. The data are collected exclusively in pseudonymised form and are not associated with your other personal data. These data serve the sole purpose of statistical analysis of newsletter campaigns, with the aim of better tailoring future mailings to the recipients’ needs.

Furthermore, MailChimp uses these statistical evaluation data itself, for instance in order to determine which countries the recipients come from across the world. According to its own statements, MailChimp does not use the data of our newsletter recipients in order to write to them itself or to pass them on to third parties.

The privacy policy of MailChimp can be viewed here: https://mailchimp.com/legal/privacy/

Legal basis

The transfer to MailChimp takes place in accordance with Art. 6 (1) (f) of the GDPR. Our “legitimate interest” is the use of an effective, user-friendly, and safe newsletter system. The use of the data by MailChimp for its own statistical purposes is made in accordance with Art. 6 (1) (f) of the GDPR, due to an own “legitimate interest” for market research purposes with the aim of optimising the service.

Possibilities of objection and erasure

If you want to object to the transfer of the data to MailChimp and to the data analysis for statistical evaluation purposes, you have to unsubscribe from the newsletter.

 

IX. Applicant data


Insofar as you react to job postings on our website or send us an application for other reasons, we process those data that you send us in connection with your application, in order to review your suitability for the job (or for comparable positions that are currently open at our company) and to carry out the application procedure. After receipt of your application, your application data are reviewed by the responsible employees in the human resources department. Suitable applications are passed on internally to the people within the departments responsible for the respective open position. In principle, only those people who need it for the proper functioning of the application procedure have access to your data within the company.

 

The legal basis for the processing of your personal data in this application procedure is first and foremost § 26 of the BDSG (Federal Data Protection Act) in the version applicable as of 25.05.2018. Pursuant to this provision, the processing of the data is permissible, that is necessary in connection with the decision about establishing an employment relationship. After completion of the application procedure, a processing of data can take place if the requirements of Art. 6 of the GDPR are met, in particular for the purposes of legitimate interests pursuant to Art. 6 (1) (f) of the GDPR. In the case of legal proceedings under the AGG (General Act on Equal Treatment), for instance, our interest lies in the assertion of or the defence against claims.

In the case of a rejection, data of applicants are erased 3 months after completion of the application procedure.

In the event that you expressly consented to a further storage of your personal data, we will add your data to our pool of applicants. There the data will be erased after a period of two years.

Should your application be successful and should you have been awarded a job in the framework of the application procedure, we will transfer your data from the applicant data system to our human resources information system.

The data are processed exclusively in data centres in the Federal Republic of Germany.

 

X. Use of social plug-ins of Facebook, Instagram, Google+ and Twitter


So-called social plug-ins (“plug-ins”) of the social network LinkedIn are used on our website.

 

These services are provided by the respective company (hereinafter “provider”).

LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). An overview of the plug-ins of LinkedIn can be found here: https://developer.linkedin.com/plugins

The above-mentioned provider is certified for the EU-US data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.

When you access a page of our web presence that contains such a plug-in, your browser establishes a direct connection to the servers of the provider. The content of the plug-in is transmitted directly to your browser by the provider and is integrated into the page. Through this integration, the provider receives the information that your browser has accessed the relevant page of our web presence, even if you do not have your own profile with the provider or are not currently logged in with one of the provider. This information (including your IP address) is directly transmitted by your browser to a server of the provider in the USA and stored there. If you are logged in with one of the provider, the provider can directly associate the visit to our website with your profile there. If you interact with the plug-ins, this information is also directly transmitted to a server of the provider and stored there.

Furthermore, the information may be published on your profile with the provider and displayed to the users there.

Legal basis

The described data processing operations take place in accordance with Art. 6 (1) (f) of the GDPR on the basis of the legitimate interests of the provider in the display of personalised advertising, in order to inform other users of the social network about your activities on our website and for the needs-based design of the service.

Possibility of objection and erasure

If you do not want the provider to directly assign the data collected via our website to your profile with the provider, you have to log out of the relevant provider before your visit to our website. With add-ons for your browser you can also object with effect for the future to the loading of the plug-ins and hence to the above-mentioned data processing operations, for instance with the script blocker “NoScript”. The purpose and scope of the data collection and the further processing and use of the data by the provider, as well as your rights in this regard and configuration options for the protection of your privacy, can be found in the data protection notices of the provider.

www.linkedin.com/legal/privacy-policy

Use of the Shariff solution 

To increase the protection of your data during the visit to our website, the plug-ins on our website are integrated with the help of the so-called “Shariff solution”. The effect of this is that when a page of our web presence that contains such plug-ins is accessed, a connection with the servers of Facebook, Google, Instagram, and Twitter is not yet established.

Only when you click on one of the buttons does a window of your browser open and call up the login page for the provider. If you are already logged in, your browser directly opens a page of the provider, where you can subsequently confirm the like or share button, for instance.

The use of the plug-ins with the help of the Shariff solution on our website has the purpose of protecting the personal data of the visitors to our website whilst enabling the integration of a button solution for social networks on this website at the same time.

XING share buttons

The “XING share button” is used on our website. When accessing this website, a short-term connection is established via your browser to the servers of

XING SE, Dammtorstraße 30, 20354 Hamburg, Germany („XING“)

with which the functions of the “XING share button” (especially the calculation/display of the counter value) are provided. XING does not store any of your personal data about access to this website. In particular, XING does not save any IP addresses. There is also no evaluation of your usage behaviour through the use of cookies in connection with the “XING share button”. You can find the current privacy information about the “XING share button” as well as additional information on this website:

https://www.xing.com/app/share?op=data_protection

 

XI. Google Maps

 

On our website we use Google Maps (API) of

Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

Google LLC, which is based in the USA, is certified for the EU-US data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.

Google Maps is a web service for the display of interactive (geographical) maps. With the help of Google Maps, our location is displayed to you and a possible route is shown.

Through this integration, Google receives the information that your browser has called up the relevant page of our web presence, as well as further information, even if you do not have your own user account with Google or if you do have your own account but are not currently logged in with Google. This information (including your IP address) is directly transmitted by your browser to a server of Google in the USA and stored there. If you are logged in with Google, Google can directly associate the visit to our website with your user account there.

The terms of use of Google Maps can be found here

https://www.google.com/intl/de_US/help/terms_maps.html

Detailed information about data protection in connection with the use of Google Maps can be found here:

http://www.google.de/intl/de/policies/privacy/

Legal basis

In accordance with Art. 6 (1) (f) of the GDPR, the use of Google Maps follows our legitimate interest in making our website more attractive to our users, especially those who would like to visit us, by offering an (interactive) geographical map The evaluation carried out by Google takes place in particular according to Art. 6 (1) (f) of the GDPR on the basis of the legitimate interests in the display of personalised advertising, market research, and the needs-based design of the website.

Possibility of objection and erasure

You have the right to object to the creation of the above-mentioned user profiles, however you need to contact Google to exercise this right. If you do not wish the association with your profile at Google, you need to log out before activating the button. If you do not agree with the future transmission of your data to Google in the framework of the use of Google Maps, there is also the possibility of deactivating the web service of Google Maps entirely, by turning off the application JavaScript in your browser. Google Maps, and thus also the map display on this website, cannot be used in that case.

 

XII. Rights of the data subject

 

Data subjects whose personal data are processed have the following rights vis-à-vis the above-mentioned controller with regard to the personal data that concern them.

Right of access

Upon your request, the controller will confirm whether personal data that concern you are processed by us.

If we do process data, you can request access to the following information from the controller:

(1)          the categories of personal data that are processed;

(2)          the purposes for which the personal data are processed;

(3)          the receivers/categories of receivers whom the personal data have been disclosed to or will still be disclosed to;

(4)          the planned duration of storage of the personal data concerning you, or at least, if specific information about this cannot be provided, the criteria for the definition of the storage duration;

(5)          the existence of the right to correction or erasure of the personal data, the right to restriction of the processing by the controller, or the right to object against this processing;

(6)          all available information about the origin of the data, if the personal data were not given by the data subject himself;

(7)          the right to lodge a complaint with a supervisory authority;

(8)          the existence of automated decision-making, including profiling (Art. 22 (1) and (4) of the GDPR) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

In addition, you have the right to obtain information about the extent to which the personal data concerning you are transmitted to a third country (or to an international organisation). In this context you can demand to be informed about the suitable safeguards pursuant to Art. 46 of the GDPR in connection with the transmission.

Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller, if the processed personal data concerning you are inaccurate or incomplete. The rectification is to be carried out without undue delay.

Right to restriction of processing

You can demand a restriction of processing of the personal data concerning you,

(1)          if you contest the accuracy of the personal data concerning you, for a period that enables the controller to verify the accuracy of the personal data;

(2)          the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3)          the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;

(4)          you have objected to processing pursuant to Article 21(1) of the GDPR and the verification whether the legitimate grounds of the controller override yours is still pending.

Where processing of the personal data concerning you has been restricted, these data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been obtained according to the above-mentioned requirements, you shall be informed by the controller before the restriction of processing is lifted.

Right to erasure

Obligation of erasure

You can demand that the controller erases the personal data concerning you without undue delay and the controller shall have the obligation to erase these data without undue delay where one of the following grounds applies:

(1)          the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2)          you withdraw your consent on which the processing was based according to Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR and there is no other legal ground for the processing.

(3)          you object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) of the GDPR.

(4)          the personal data concerning you have been unlawfully processed. 

(5)          the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(6)          the personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) of the GDPR.

Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data, that you as a data subject have requested the erasure by such controllers of any links to, or copies or replications of, those personal data.

Exceptions

The right to erasure does not apply to the extent that processing is necessary

(1)          for exercising the right of freedom of expression and information;

(2)          for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3)          for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) as well as Article 9 (3) of the GDPR;

(4)          for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) of the GDPR, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5)          for the establishment, exercise or defence of legal claims.

Right to information

If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right vis-à-vis the controller to be informed about these recipients.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1)          the processing is based on consent pursuant to Art. 6 (1) (a) of the GDPR or Art. 9 (2) (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR; and

(2)          the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others shall not be adversely affected by this.

The right to data portability shall not apply to a processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (f) of the GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where the personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing

Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

Right to withdrawal of the data protection consent declaration

You have the right to withdraw your declaration of consent under data protection law at any time, with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

(1)          is necessary for entering into, or performance of, a contract between you and a data controller,

(2)          is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3)          is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data referred to in Art. 9 (1) of the GDPR, unless point (a) or (g) of Art. 9 (2) of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.