Imprint & Privacy Policy of neo WP

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is the person named in the Imprint.

II. General Information on Data Processing

1. Scope of processing of personal data

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users regularly takes place only with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by statutory provisions.

2. Legal basis for the processing of personal data

To the extent that we obtain consent from the data subject for processing operations of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

To the extent that processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

In the event that processing is necessary to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Article 6(1)(f) GDPR serves as the legal basis for the processing.

3. Data Deletion and Storage Period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may continue to take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Blocking or deletion of the data will also take place if a retention period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

III. Provision of the Website and Creation of Log Files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting device.

The following data are collected in this connection:

1. Information about the browser type and the version used
2. The user’s operating system
3. The user’s Internet service provider
4. The user’s IP address
5. Date and time of access
6. Websites from which the user’s system accessed our website
7. Websites that are accessed by the user’s system via our website

The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and the log files is Art. 6(1)(f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be retained for the duration of the session.
Storage in log files is carried out to ensure the functionality of the website. In addition, we use the data to technically optimize the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing under Art. 6(1)(f) GDPR also lies in these purposes.

4. Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for providing the website, this is the case when the respective session has ended.
In the case of storage of the data in log files, this is the case after at most seven days. Further storage is possible. In this case, the users' IP addresses will be deleted or altered so that an assignment of the calling client is no longer possible.

5. Right to object and removal options

The collection of data for providing the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, the user has no right to object.

IV. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the web browser or by the web browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables a unique identification of the browser when the website is accessed again.
We use cookies to make our website functional. Some elements of our website require that the calling browser can still be identified after a page change.
The following data are stored and transmitted in the cookies:

1. Language settings
2. Items in a shopping cart
3. Log-in information

We also use cookies on our website that enable an analysis of the users' surfing behavior.
In this way the following data can be transmitted:

1. Entered search terms
2. Frequency of page visits
3. Use of website functions

When our website is accessed, the user is informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.

2. Legal basis for data processing

The legal basis for processing personal data using cookies for analytical purposes is, if the user has given consent, Art. 6(1)(a) GDPR.
The legal basis for processing personal data using technically necessary cookies is otherwise Art. 6(1)(f) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to enable users to use websites. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized again after a page change.
We need cookies for the following applications:

1. Shopping cart
2. Retention of language settings
3. Log-in information

The user data collected by technically necessary cookies is not used to create user profiles.
The use of analytics cookies is for the purpose of improving the quality of our website and its content. Through analytics cookies we learn how the website is used and can continuously optimize our offerings.
These purposes also constitute our legitimate interest in the subsequent processing of personal data pursuant to Art. 6(1)(f) GDPR.

4. Storage duration, objection and deletion options

Cookies are stored on the user's computer and transmitted by it to our site. Therefore you as a user also have full control over the use of cookies. By changing the settings in your web browser you can deactivate or restrict the storage of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, it may no longer be possible to use all functions of the website fully.

V. Newsletter

1. Description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. When signing up for the newsletter, the data from the input form is transmitted to us.
In addition, the following data is collected during registration:

1. IP address of the accessing computer
2. Date and time of registration

As part of the registration process, your consent is obtained for the processing of the data and reference is made to this privacy policy.

If you purchase goods or services on our website and provide your e-mail address, we may subsequently use it to send a newsletter. In such a case, the newsletter will contain direct advertising only for our own similar goods or services.

In connection with data processing for sending newsletters, the data is not passed on to third parties. The data is used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for processing the data after the user registers for the newsletter is, if the user has given consent, Art. 6(1)(a) GDPR.

Legal basis for sending the newsletter as a result of the sale of goods or services is Art. 6(1)(f) GDPR.

3. Purpose of data processing

The collection of the user’s email address is intended to deliver the newsletter.

The collection of other personal data during the registration process is intended to prevent misuse of the services or the email address used.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. The user’s email address is therefore stored as long as the newsletter subscription is active.

Other personal data collected during the registration process are usually deleted after a period of seven days.

5. Right to object and removal options

The newsletter subscription can be canceled by the data subject at any time. For this purpose, there is a corresponding link in every newsletter.

This also enables withdrawal of consent to the storage of personal data collected during the registration process.

VI. Registration

1. Description and scope of data processing

On our website we offer users the possibility to register by providing personal data. The data are entered into an input form, transmitted to us and stored. The data are not passed on to third parties. The data provided during registration are collected as part of the registration process.
At the time of registration the following data are also stored:

1. The user’s IP address
2. Date and time of registration

As part of the registration process, the user’s consent to the processing of this data is obtained.

2. Legal basis for data processing

The legal basis for processing the data is Art. 6(1)(a) GDPR if the user has given consent.

If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for processing the data is Art. 6(1)(b) GDPR.

3. Purpose of data processing

A user registration is required to provide certain content and services on our website.

A user registration is also required to fulfill a contract with the user or to carry out pre-contractual measures.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected.

This applies to the data collected during the registration process when the registration on our website is cancelled or modified.

This applies to the data collected during the registration process to fulfill a contract or to carry out pre-contractual measures when the data are no longer necessary for the performance of the contract. Even after conclusion of the contract, it may be necessary to retain the contracting party’s personal data in order to comply with contractual or legal obligations.

5. Right to object and removal options

As a user you can cancel the registration at any time. You can have the data we hold about you changed at any time. To do so, contact us via the contact details given in the imprint.
If the data are necessary to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not oppose deletion.

VII. Contact form and e-mail contact

1. Description and scope of data processing

There is a contact form on our website that can be used for electronic contact. If a user uses this option, the data entered in the input mask are transmitted to us and stored.

The following data are also stored at the time the message is sent:

1. The user’s IP address
2. Date and time of registration

Your consent is obtained during the sending process for the processing of the data and reference is made to this privacy policy.

Alternatively, contact can be made via the provided e-mail address. In this case, the personal data of the user transmitted with the e-mail will be stored.

No data are passed on to third parties in this context. The data are used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for processing the data is Art. 6(1)(a) GDPR if the user has given consent.

The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR. If the e-mail contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR.

3. Purpose of data processing

The processing of the personal data from the input mask serves us solely to handle the contact request. In the case of contact by e-mail, the legitimate interest in processing the data is also present.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the contact form input mask and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been finally resolved.

The personal data additionally collected during the sending process are deleted at the latest after a period of seven days.

5. Right to object and removal options

The user may revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case the conversation cannot be continued.
All personal data that were stored during the contact will in this case be deleted.

VIII. Web analytics by Matomo (formerly PIWIK)

Matomo offers various options for web analytics. This tool can be configured to operate without setting cookies and with anonymized or no IP address. Consequently, consent requirements then do not apply. The statement below reflects the standard case in which cookies are set.

1. Scope of processing of personal data

We use the open-source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software sets a cookie on the users' computers (see cookies above). When individual pages of our website are accessed, the following data are stored:

1. Two bytes of the IP address of the user's calling system
2. The page accessed
3. The website from which the user reached the accessed page (referrer)
4. The subpages accessed from the accessed page
5. The time spent on the page
6. The frequency of page visits

The software runs exclusively on the servers of our website. Personal data of users are stored only there. The data are not passed on to third parties.
The software is configured so that IP addresses are not stored in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, assignment of the truncated IP address to the calling computer is no longer possible.

2. Legal basis for the processing of personal data

The legal basis for processing users' personal data is Art. 6(1)(f) GDPR.

3. Purpose of data processing

Processing users' personal data enables us to analyze the surfing behavior of our users. By evaluating the collected data we are able to compile information about the usage of the individual components of our website. This helps us continuously improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data pursuant to Art. 6(1)(f) GDPR. The anonymization of the IP address sufficiently takes into account users' interest in the protection of their personal data.

4. Duration of storage

The data are deleted as soon as they are no longer needed for our recording purposes.

5. Right to object and removal options

Cookies are stored on the user's computer and transmitted by it to our site. Therefore you as a user also have full control over the use of cookies. By changing the settings in your web browser you can deactivate or restrict the storage of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, it may no longer be possible to use all functions of the website fully.

IX. Integration of external services

Embedding YouTube videos

We embed videos from the YouTube service on our website, an offering by Google LLC (Gordon House, Barrow Street, Dublin 4, Ireland). When a video is played, your browser automatically sends data such as IP address, browser type, operating system, date/time and interactions to the YouTube servers. YouTube may also use cookies and similar technologies. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing multimedia content). Because YouTube sets tracking cookies, we obtain your consent in advance. You can withdraw your consent at any time in our cookie settings. Data are transferred to the USA; Google is certified under the EU-US Data Privacy Framework (“Privacy Shield”). Further information can be found in Google's privacy policy at https://policies.google.com/privacy. You have all data subject rights under the GDPR.

Embedding Vimeo videos

We embed videos from the Vimeo service on our website. The provider is Vimeo.com, Inc., 330 West 34th Street, New York, NY 10001, USA. As soon as you start such a video, your browser automatically connects to Vimeo's servers. In the process, in particular your IP address, information about your browser/operating system, date and time of access, and your interactions (e.g., start, pause) are transmitted. Vimeo uses cookies and similar tracking technologies. The embedded player, among other things, places the cookie “vuid” (storage duration ≈ 2 years, purpose = usage statistics) as well as “player” (≈ 1 year, purpose = storing your player settings); further technically necessary cookies may be added, e.g., for bot protection.
The legal basis for the embedding is Art. 6(1)(f) GDPR (legitimate interest in an appealing, multimedia presentation of our offerings). Since the Vimeo players can set cookies for reach and usage analysis, we obtain your express consent pursuant to Art. 6(1)(a) GDPR before loading the player. You can revoke this consent at any time in the cookie settings of our website with effect for the future.
By using the player, personal data are transferred to the USA. Vimeo participates in the EU–US Data Privacy Framework and is thus certified for transatlantic data transfer under Art. 45 GDPR.
Further information on data processing by Vimeo can be found in the provider's privacy policy at https://vimeo.com/privacy. You have all data subject rights under the GDPR (access, rectification, erasure, restriction of processing, data portability, complaint to a supervisory authority).

Embedding of Google Maps

On our website we use the Google Maps mapping service of Google LLC (Gordon House, Barrow Street, Dublin 4, Ireland). With each map request your browser automatically loads data such as IP address, browser type, geolocation data (if enabled), date/time and cookies to Google's servers. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in an interactive map display). Prior consent is required because Google Maps can set tracking cookies. You can revoke consent at any time in our cookie settings. Data are transferred to the USA; Google is certified under the EU–US Data Privacy Framework (“Privacy Shield”). Further information: https://policies.google.com/privacy. Data subject rights: access, rectification, erasure, restriction of processing, data portability, objection.

Embedding of OpenStreetMap

Our website uses OpenStreetMap, provided by the OpenStreetMap Foundation (65 Leazes Park Road, Newcastle upon Tyne, NE1 4PF, United Kingdom). When loading the map, only map data (tile images, scripts) are retrieved from the OpenStreetMap server; personal data are only collected if you consent to sharing your device's location. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the map display). OpenStreetMap does not set tracking cookies, so no consent is required. The servers are located in Europe; no transfer to third countries takes place. Further information: https://osmfoundation.org/wiki/Privacy_Policy. Data subject rights: access, rectification, erasure, restriction of processing, data portability, objection.

Embedding of tawk.to chat

On our website we use the live chat service tawk.to, a service of tawk.to Inc. (187 East Warm Springs Rd, SB298, Las Vegas, Nevada 89119, USA). When the chat widget loads, data such as IP address, browser type, operating system, date/time of access and, where applicable, location data and cookies are automatically transmitted to tawk.to. Processing is based on Art. 6(1)(f) GDPR (legitimate interest in direct user communication). Because tawk.to sets cookies, the consent you have given for this is required and can be revoked at any time via our cookie banner. Data are transferred to the USA under tawk.to's participation in the EU–US Data Privacy Framework, the UK Extension to the EU–US DPF and the Swiss–US DPF. Further information can be found in tawk.to's privacy policy at https://www.tawk.to/privacy-policy/. You have the data subject rights provided for in the GDPR (access, rectification, erasure, restriction of processing, data portability, objection).

Embedding of Google Fonts

We use fonts ("Google Web Fonts") from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland on our website to improve readability and the consistent appearance of our pages. The font files are only loaded after you have explicitly consented to the corresponding category ("Fonts/External Media") via our consent banner. Only after your consent does your browser connect to the domains fonts.googleapis.com and fonts.gstatic.com; in the process your IP address and certain technical information (e.g., browser type, operating system and referrer URL) are transmitted to Google in the USA. The legal basis for this data processing is your voluntary consent pursuant to Art. 6(1)(a) GDPR, given solely for the stated purpose. You can withdraw your consent at any time with effect for the future by clicking “Change settings” in the cookie banner or by deleting the relevant cookies in your browser. Details on the storage duration and scope of the data processed by Google can be found in Google's privacy policy at https://policies.google.com/privacy. For further information on your rights and general data protection notes, please refer to the other sections of this privacy policy.

Embedding of Google Analytics (GA4)

We use the web analytics tool Google Analytics version 4 on the basis of your consent (Art. 6(1)(a) GDPR). The service provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for Europe, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland acts. The purpose of processing is to statistically evaluate user behavior on our website, measure reach and continuously optimize our content.
For this purpose, Google Analytics stores, among other things, device and browser information, pseudonymized user IDs, pages viewed, dwell time, click paths, broad location data and events defined by us (e.g., scroll depth or video views). The IP address is shortened (so-called IP anonymization) before any further processing within the EU or EEA so that no direct personal reference remains.
The collected information may be transferred to and processed on Google's servers in the USA. Google bases these transfers on the EU Standard Contractual Clauses; in addition, there is a data processing agreement with Google pursuant to Art. 28 GDPR. By default, user and event data are stored for 14 months and are then automatically deleted or anonymized; differing retention periods have been documented by us in the Google Analytics interface.
You can revoke your consent at any time with effect for the future by deactivating the “Statistics” category in our cookie banner. Google also offers a browser add-on to disable Google Analytics https://tools.google.com/dlpage/gaoptout. The lawfulness of the processing carried out up to the time of revocation remains unaffected.

X. Rights of the data subject

If personal data about you are processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:

1. Right of access

You can request from the controller confirmation as to whether personal data concerning you are being processed by us.
If such processing is taking place, you can request from the controller information on the following:

1. the purposes for which the personal data are processed;
2. the categories of personal data which are being processed;
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
4. the intended retention period for the personal data concerning you, or, if it is not possible to provide specific information, the criteria used to determine the retention period;
5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. all available information about the source of the data, if the personal data were not collected from the data subject;
8. the existence of automated decision-making including profiling pursuant to Article 22(1) and (4) GDPR and - at least in those cases - meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether personal data concerning you are being transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.
Your right of access in AI-based data processing extends to processing activities and the functioning of the AI systems used for data processing.

2. Right to rectification

You have a right to obtain from the controller the rectification and/or completion of personal data concerning you where the processed personal data concerning you are inaccurate or incomplete. The controller shall rectify such data without undue delay.
Your right to rectification may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.

3. Right to restriction of processing

Under the following conditions you may request the restriction of processing of personal data concerning you:

1. where you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use;
3. the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; or
4. you have objected to processing pursuant to Article 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning you has been restricted, such personal data - apart from storage - shall only be processed with your consent or for the establishment, exercise or defense of legal claims or the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If restriction of processing has been restricted pursuant to the above conditions, you will be informed by the controller before the restriction is lifted.
Your right to restriction of processing may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.

4. Right to erasure

a) Obligation to erase

You may request that the controller erase personal data concerning you without undue delay, and the controller shall have the obligation to erase such data without undue delay where one of the following grounds applies:

1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You withdraw your consent on which the processing pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR was based, and there is no other legal ground for the processing.
3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
4. The personal data concerning you have been unlawfully processed.
5. The erasure of the personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
6. The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase them, the controller, taking into account available technology and the implementation costs, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as the data subject, have requested the erasure of all links to, or copies or replications of, those personal data.

c) Exceptions

The right to erasure does not apply where the processing is necessary for

1. exercising the right of freedom of expression and information;
2. compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
4. processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. the establishment, exercise or defense of legal claims.

5. Right to information

Where you have exercised the right to rectification, erasure or restriction of processing against the controller, the controller shall communicate the rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about those recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
2. the processing is carried out by automated means.

In exercising this right you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of others shall not be adversely affected.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If personal data relating to you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data relating to you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for the purposes of direct marketing, the personal data relating to you will no longer be processed for those purposes.

You have the possibility, in connection with the use of information society services - without prejudice to Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.

You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR.

Your right to object may be restricted insofar as it is likely to make the achievement of the research or statistical purposes impossible or seriously impair it and the restriction is necessary for the fulfillment of the research or statistical purposes.

8. Right to withdraw the data protection consent

You have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

1. is necessary for the conclusion or performance of a contract between you and the controller,
2. is authorized by Union or Member State law to which the controller is subject and that law provides suitable measures to safeguard your rights and freedoms and your legitimate interests, or
3. is based on your explicit consent.

However, such decisions must not be based on special categories of personal data pursuant to Article 9(1) GDPR, unless Article 9(2)(a) or (g) applies and suitable measures to protect the rights and freedoms and your legitimate interests have been taken.

With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain human intervention by the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint was lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.