Imprint & Privacy of neo WP

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is the person named in the Impressum.

II. General information on data processing

1. Scope of processing of personal data

We generally process personal data of our users only to the extent necessary to provide a functioning website and our content and services. The processing of personal data of our users regularly takes place only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by statutory provisions.

2. Legal basis for processing personal data

If we obtain consent from the data subject for processing operations of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

To the extent that processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, rights and freedoms of the data subject do not override that interest, Article 6(1)(f) GDPR serves as the legal basis for the processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may continue if this is provided for by European or national legislators in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

III. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following data are collected:

1. Information about the browser type and the version used
2. The user’s operating system
3. The user’s Internet service provider
4. The user's IP address
5. Date and time of access
6. Websites from which the user’s system reached our website
7. Websites that are accessed by the user’s system via our website

The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to deliver the website to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session.
Storage in log files takes place to ensure the website’s functionality. The data also serves to technically optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing under Article 6(1)(f) GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collected to provide the website, this is when the respective session has ended.
In the case of storing data in log files, this will be at the latest after seven days. Further storage may be possible. In that case, users’ IP addresses will be deleted or rendered anonymous so that a connection to the requesting client is no longer possible.

5. Objection and removal option

Collecting data to provide the website and storing data in log files is essential for operating the website. Therefore the user has no option to object.

IV. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the web browser or by the web browser on the user’s computer system. When a user visits a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that enables a unique identification of the browser when the website is visited again.
We use cookies to make our website functional. Some elements of our website require that the visiting browser can still be identified after a page change.
The following data is stored in and transmitted by the cookies:

1. Language settings
2. Items in a shopping cart
3. Log in information

We also use cookies on our website that allow an analysis of users’ surfing behavior.
In this way, the following data can be transmitted:

1. Entered search terms
2. Frequency of page views
3. Use of website functions

When the website is accessed, the user is informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. In this context, a reference to this privacy policy is also provided.

2. Legal basis for data processing

The legal basis for processing personal data using cookies for analysis purposes is, if the user has given consent, Art. 6 para. 1 lit. a GDPR.
The legal basis for processing personal data using technically necessary cookies is otherwise Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to enable users to use websites. Some functions of our website cannot be offered without using cookies. For these functions it is necessary that the browser is recognized again after navigating to another page.
We need cookies for the following applications:

1. Shopping cart
2. Carrying over language settings
3. Log in information

The user data collected by technically necessary cookies are not used to create user profiles.
The use of analysis cookies is for the purpose of improving the quality of our website and its content. Through the analysis cookies we learn how the website is used and can continuously optimize our offering.
These purposes also constitute our legitimate interest in the subsequent processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.

4. Storage duration objection and deletion options

Cookies are stored on the user's computer and transmitted by it to our site. Therefore you as a user also have full control over the use of cookies. By changing the settings in your internet browser you can deactivate or restrict the storage of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, not all functions of the website may be fully usable.

V. Newsletter

1. Description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter the data from the input form are transmitted to us.
In addition the following data are collected when registering:

1. IP address of the accessing computer
2. Date and time of registration

As part of the registration process your consent is obtained for the processing of the data and reference is made to this privacy policy.

If you purchase goods or services on our website and provide your email address in the process, we may subsequently use it to send a newsletter. In such a case the newsletter will contain direct advertising only for our own similar goods or services.

In connection with data processing for sending newsletters there is no transfer of the data to third parties. The data are used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for processing the data after the user registers for the newsletter is, if the user has given consent, Art. 6 para. 1 lit. a GDPR.

Legal basis for sending the newsletter as a result of the sale of goods or services is Art. 6(1)(f) GDPR.

3. Purpose of data processing

The collection of the user's email address is for delivering the newsletter.

The collection of other personal data during the registration process is to prevent abuse of the services or the email address used.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. The user's email address will therefore be stored as long as the newsletter subscription is active.

Other personal data collected during the registration process will generally be deleted after a period of seven days.

5. Objection and removal option

The newsletter subscription can be cancelled by the affected user at any time. For this purpose, each newsletter contains a corresponding link.

This also enables withdrawal of consent to the storage of personal data collected during the registration process.

VI. Registration

1. Description and scope of data processing

On our website we offer users the option to register by providing personal data. The data is entered into an input form, transmitted to us and stored. The data is not passed on to third parties. The data provided during registration is collected as part of the registration process.
The following data are also stored at the time of registration:

1. The user's IP address
2. Date and time of registration

As part of the registration process, the user gives consent to the processing of this data.

2. Legal basis for data processing

The legal basis for processing the data is Art. 6(1)(a) GDPR if the user has given consent.

If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for processing the data is Art. 6(1)(b) GDPR.

3. Purpose of data processing

Registration is required to make certain content and services available on our website.

Registration is also necessary to fulfill a contract with the user or to carry out pre-contractual measures.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected.

This applies to the data collected during the registration process if the registration on our website is cancelled or changed.

This applies to the data collected during the registration process for the performance of a contract or for carrying out pre-contractual measures when the data are no longer required to perform the contract. Even after the contract has been completed, it may still be necessary to store the contracting party's personal data in order to comply with contractual or legal obligations.

5. Objection and removal option

As a user you can at any time cancel the registration. You can have the data stored about you changed at any time. Contact us using the contact details given in the imprint.
If the data are required to perform a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not oppose deletion.

VII. Contact form and email contact

1. Description and scope of data processing

There is a contact form on our website that can be used for electronic contact. If a user uses this option, the data entered in the input mask are transmitted to us and stored.

The following data are also stored at the time the message is sent:

1. The user's IP address
2. Date and time of registration

Your consent is obtained during the sending process for processing the data and reference is made to this privacy policy.

Alternatively, contact can be made via the provided email address. In this case, the personal data of the user transmitted with the email are stored.

No data are passed on to third parties in this context. The data are used exclusively to process the conversation.

2. Legal basis for data processing

The legal basis for processing the data is Art. 6(1)(a) GDPR if the user has given consent.

The legal basis for processing the data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the email contact aims at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

3. Purpose of data processing

The processing of the personal data from the input mask serves us solely to handle the contact request. In the case of contact by email, the necessary legitimate interest in processing the data also exists.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the contact form input mask and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

The personal data additionally collected during the sending process are deleted at the latest after a period of seven days.

5. Objection and removal option

The user can revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case the conversation cannot be continued.
All personal data that were stored during the contact will be deleted in this case.

VIII. Web analysis by Matomo (formerly PIWIK)

Matomo offers different options for web analysis. This tool allows operation without setting cookies and only with anonymized or without IP addresses. Consequently, the consent requirements no longer apply. The following statement describes the standard case in which cookies are set.

1. Scope of processing of personal data

We use the open-source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software sets a cookie on the users' computers (see above for cookies). When individual pages of our website are accessed, the following data are stored:

1. Two bytes of the IP address of the requesting system of the user
2. The page accessed
3. The website from which the user reached the accessed page (referrer)
4. The subpages that are accessed from the accessed page
5. The time spent on the page
6. The frequency of visits to the page

The software runs exclusively on the servers of our website. Personal data of users are stored only there. No transfer of the data to third parties takes place.
The software is configured so that IP addresses are not stored in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, assignment of the shortened IP address to the requesting computer is no longer possible.

2. Legal basis for processing personal data

The legal basis for processing users' personal data is Art. 6(1)(f) GDPR.

3. Purpose of data processing

Processing users' personal data allows us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the usage of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data under Art. 6(1)(f) GDPR. By anonymizing the IP address, the users' interest in the protection of their personal data is sufficiently taken into account.

4. Duration of storage

The data are deleted as soon as they are no longer needed for our recording purposes.

5. Objection and removal option

Cookies are stored on the user's computer and transmitted by it to our site. Therefore you as a user also have full control over the use of cookies. By changing the settings in your internet browser you can deactivate or restrict the storage of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, not all functions of the website may be fully usable.

IX. Integration of external services

Embedding YouTube videos

We embed videos from the service YouTube on our website, an offering of Google LLC (Gordon House, Barrow Street, Dublin 4, Ireland). When you play a video, your browser automatically sends data such as IP address, browser type, operating system, date/time and interactions to the YouTube servers. YouTube may also use cookies and similar technologies. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing multimedia content). Because YouTube sets tracking cookies, we obtain your consent in advance. You can revoke your consent at any time in our cookie settings. Data are transferred to the USA; Google is certified under the EU-US Data Privacy Framework ("Privacy Shield"). Further information can be found in Google's privacy policy at https://policies.google.com/privacy. You have all data subject rights under the GDPR.

Embedding Vimeo videos

We embed videos from the Vimeo service on our website. The provider is Vimeo.com, Inc., 330 West 34th Street, New York, NY 10001, USA. As soon as you start such a video, your browser automatically connects to Vimeo servers. In particular, your IP address, information about browser and operating system, date and time of access and your interactions (for example start, pause) are transmitted. Vimeo uses cookies and similar tracking technologies. The embedded player places, among others, the cookie “vuid” (storage duration ≈ 2 years, purpose = usage statistics) and “player” (≈ 1 year, purpose = saving your player settings); further technically necessary cookies may be added for example for bot protection.
The legal basis for embedding is Art. 6(1)(f) GDPR (legitimate interest in an appealing multimedia presentation of our offers). Because the Vimeo player can set cookies for reach and usage analysis, we obtain your explicit consent pursuant to Art. 6(1)(a) GDPR before loading the player. You can revoke this consent at any time in the cookie settings of our website with effect for the future.
By using the player, personal data are transferred to the USA. Vimeo is a participant in the EU-US Data Privacy Framework and is thus certified for transatlantic data transfer under Art. 45 GDPR.
Further information on data processing by Vimeo can be found in the provider’s privacy policy at https://vimeo.com/privacy. You have all data subject rights under the GDPR (access, rectification, erasure, restriction of processing, data portability, complaint to a supervisory authority).

Integration of Google Maps

On our website we use the Google Maps mapping service of Google LLC (Gordon House, Barrow Street, Dublin 4, Ireland). With each map request your browser automatically transmits data such as IP address, browser type, geolocation data (if granted), date/time and cookies to Google servers. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in an interactive map presentation). Your consent is required in advance because Google Maps can set tracking cookies. You can revoke consent at any time in our cookie settings. Data are transferred to the USA; Google is certified under the EU-US Data Privacy Framework. More information: https://policies.google.com/privacy. Data subject rights: access, rectification, erasure, restriction of processing, data portability, objection.

Integration of OpenStreetMap

Our website uses OpenStreetMap provided by the OpenStreetMap Foundation (65 Leazes Park Road, Newcastle upon Tyne, NE1 4PF, United Kingdom). When loading the map only map data (tile images, scripts) are retrieved from the OpenStreetMap server; personal data are only collected if you agree to share your device’s location. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the map presentation). OpenStreetMap does not set tracking cookies, therefore no consent is required. The servers are located in Europe; no data transfer to third countries takes place. Further information: https://osmfoundation.org/wiki/Privacy_Policy. Data subject rights: access, rectification, erasure, restriction of processing, data portability, objection.

Integration of tawk.to chat

On our website we use the live chat service tawk.to, a service of tawk.to Inc. (187 East Warm Springs Rd, SB298, Las Vegas, Nevada 89119, USA). When the chat widget loads data such as IP address, browser type, operating system, date/time of access and possibly location data and cookies are automatically transmitted to tawk.to. Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest in direct user communication). Because tawk.to sets cookies your consent for this is required and can be revoked at any time via our cookie banner. Data transfer to the USA takes place with tawk.to’s participation in the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Further information can be found in tawk.to’s privacy policy at https://www.tawk.to/privacy-policy/. You have the data subject rights set out in the GDPR (access, rectification, erasure, restriction of processing, data portability, objection).

Integration of Google Fonts

We use fonts (Google Web Fonts) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland on our website to improve readability and the uniform appearance of our pages. The font files are only loaded after you have expressly agreed to the corresponding category (Fonts/External Media) via our consent banner. Only after your consent does your browser connect to the domains fonts.googleapis.com and fonts.gstatic.com; your IP address and certain technical information (for example browser type, operating system and referrer URL) are transmitted to Google in the USA. The legal basis for this data processing is your voluntary consent pursuant to Art. 6(1)(a) GDPR given exclusively for the stated purpose. You can revoke your consent at any time with effect for the future by clicking change settings in the cookie banner or deleting the corresponding cookies in your browser. Details on storage duration and scope of data processed by Google can be found in Google’s privacy policy at https://policies.google.com/privacy. Further information about your rights and general privacy information can be found in the other sections of this privacy policy.

Integration of Google Analytics GA4

We use the web analytics tool Google Analytics version 4 based on your consent (Art. 6(1)(a) GDPR). The service provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for Europe Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland acts. The purpose of processing is to statistically analyze user behavior on our website, measure reach and continuously optimize our content.
For this purpose Google Analytics stores, among other things, device and browser information, pseudonymized user IDs, pages accessed, dwell time, click paths, coarse location data and events defined by us (for example scroll depth or video plays). The IP address is shortened within the EU or EEA before any further processing (so-called IP anonymization) so that no unique personal reference remains.
The collected information can be transferred to and processed on Google servers in the USA. Google bases these transfers on the EU standard contractual clauses; in addition there is a data processing agreement with Google pursuant to Art. 28 GDPR. By default user and event data are stored for 14 months and then automatically deleted or anonymized; differing retention periods are documented by us in the Google Analytics interface.
You can revoke your consent at any time with effect for the future by deactivating the category Statistic in our cookie banner. In addition Google offers a browser add-on to disable Google Analytics at https://tools.google.com/dlpage/gaoptout. The lawfulness of processing carried out up to the time of revocation remains unaffected.

X. Rights of the data subject

If personal data about you are processed you are a data subject within the meaning of the GDPR and you have the following rights against the controller:

1. Right of access

You can request from the controller confirmation as to whether personal data concerning you are being processed by us.
If such processing exists you can request information from the controller about the following:

1. the purposes for which the personal data are processed;
2. the categories of personal data which are processed;
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
4. the intended duration of storage of the personal data concerning you or, if specific information on this is not possible, the criteria used to determine the retention period;
5. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to this processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. all available information about the source of the data, where the personal data were not collected from you;
8. the existence of automated decision-making including profiling pursuant to Art. 22(1) and (4) GDPR and at least in those cases meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you;

You have the right to request information about whether the personal data concerning you are transferred to a third country or to an international organization. In this context you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR regarding the transfer.
This right of access may be restricted insofar as it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.
Your right of access in the case of AI-based data processing extends to processing activities and the functioning of the AI systems used for data processing.

2. Right to rectification

You have the right to obtain from the controller without undue delay the rectification and/or completion of personal data concerning you that are inaccurate or incomplete. The controller shall rectify the data without delay.
Your right to rectification may be restricted insofar as it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.

3. Right to restriction of processing

Under the following conditions you may request restriction of processing of personal data concerning you:

1. when you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use;
3. the controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims;
4. when you have objected to the processing pursuant to Art. 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.

Where the processing of personal data concerning you has been restricted, such data - aside from storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for important public interest reasons of the Union or of a Member State.
Where the restriction of processing has been imposed pursuant to the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
Your right to restriction of processing may be restricted insofar as it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.

4. Right to erasure

a) Obligation to erase

You may request that the controller erase without undue delay the personal data concerning you and the controller is obliged to erase such data without undue delay where one of the following grounds applies:

1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal ground for the processing.
3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
4. The personal data concerning you were processed unlawfully.
5. The erasure of the personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
6. The personal data concerning you were collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase them, the controller, taking into account the available technology and implementation costs, shall take reasonable measures, including technical measures, to inform controllers who are processing the personal data that you, as the data subject, have requested from them the erasure of all links to those personal data or of copies or replications of those personal data.

c) Exceptions

The right to erasure does not apply insofar as the processing is necessary

1. for the exercise of the right of freedom of expression and information;
2. to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in section a) is likely to make impossible or seriously impair the achievement of the objectives of that processing; or
5. for the establishment, exercise or defense of legal claims.

5. Right to be informed

If you have asserted the right to rectification, erasure or restriction of processing with the controller, the controller shall communicate the rectification or erasure of the personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about those recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where

1. the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR; and
2. the processing is carried out by automated means.

In exercising this right you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the freedoms and rights of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

If personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for those purposes.

You have the option, in connection with the use of information society services - without prejudice to Directive 2002/58/EC - to exercise your right to object by automated means using technical specifications.

You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR.

Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.

8. Right to withdraw the data protection consent

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing including profiling which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

1. is necessary for the conclusion or performance of a contract between you and the controller,
2. is authorised by Union or Member State law to which the controller is subject and that law provides suitable measures to safeguard your rights and freedoms and legitimate interests, or
3. is based on your explicit consent.

However, such decisions must not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and appropriate measures to safeguard rights and freedoms and your legitimate interests have been taken.

In relation to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which shall include at least the right to obtain human intervention by the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.