Imprint & Privacy Policy of neo WP

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is the person specified in the Impressum.

II. General information on data processing

1. Scope of processing of personal data

We process personal data of our users only to the extent necessary to provide a functioning website and our content and services. The processing of personal data of our users is regularly carried out only with the user’s consent. An exception applies in cases where obtaining consent beforehand is not possible for factual reasons and the processing of the data is permitted by legal provisions.

2. Legal basis for the processing of personal data

If we obtain consent from the data subject for processing operations of personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may continue if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the aforementioned regulations expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

III. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the visiting computer.

The following data are collected in this context:

1. Information about the browser type and the version used
2. The user’s operating system
3. The user’s internet service provider
4. The user's IP address
5. Date and time of access
6. Websites from which the user’s system accessed our website
7. Websites that are accessed by the user’s system via our website

The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and the log files is Art. 6(1)(f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to deliver the website to the user\'s computer. For this purpose, the user\'s IP address must remain stored for the duration of the session.
Storage in log files is carried out to ensure the functionality of the website. In addition, the data is used for the technical optimization of the website and to ensure the security of our information technology systems. The data are not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for achieving the purpose for which they were collected. In the case of collecting the data to provide the website, this is the case when the respective session has ended.
In the case of storing the data in log files, this is the case after at most seven days. Further storage is possible. In this case, the users\' IP addresses will be deleted or anonymized so that an assignment to the calling client is no longer possible.

5. Objection and removal options

The collection of data to provide the website and the storage of data in log files are essential for the operation of the website. Therefore, the user has no option to object.

IV. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the web browser or by the web browser on the user\'s computer system. When a user accesses a website, a cookie can be stored on the user\'s operating system. This cookie contains a characteristic string of characters that enables the unique identification of the browser when the website is visited again.
We use cookies to make our website functional. Some elements of our website require the calling browser to be identifiable even after a page change.
The following data are stored and transmitted in the cookies:

1. Language settings
2. Items in a shopping cart
3. Log-in information

In addition, we use cookies on our website that enable an analysis of users\' browsing behavior.
In this way, the following data can be transmitted:

1. Entered search terms
2. Frequency of page views
3. Use of website functions

When accessing our website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies for analytical purposes is, if the user has given consent, Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of personal data using technically necessary cookies is otherwise Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to enable users to use websites. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized again after changing pages.
We need cookies for the following applications:

1. Shopping cart
2. Adoption of language settings
3. Log-in information

The user data collected by technically necessary cookies is not used to create user profiles.
The use of analytics cookies is for the purpose of improving the quality of our website and its content. Through the analytics cookies we find out how the website is used and can continuously optimize our offering.
These purposes also constitute our legitimate interest in the subsequent processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.

4. Duration of storage, right to object and removal options

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore you as a user also have full control over the use of cookies. By changing the settings in your internet browser you can disable or restrict the storage of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, not all functions of the website may be available in full.

V. Newsletter

1. Description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input form is transmitted to us.
In addition, the following data are collected when registering:

1. IP address of the accessing computer
2. Date and time of registration

As part of the registration process, your consent is obtained for the processing of the data and reference is made to this privacy policy.

If you purchase goods or services on our website and provide your e-mail address, this may subsequently be used by us to send a newsletter. In such a case, the newsletter will contain direct advertising for our own similar goods or services only.

In connection with the processing of data for sending newsletters there is no transfer of data to third parties. The data is used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for processing the data after registration for the newsletter by the user is, if the user has given consent, Art. 6 para. 1 lit. a GDPR.

Legal basis for sending the newsletter as a result of the sale of goods or services is Art. 6(1)(f) GDPR.

3. Purpose of data processing

The collection of the user's email address is for the purpose of delivering the newsletter.

The collection of other personal data during the registration process is intended to prevent misuse of the services or of the email address used.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. The user's email address is therefore stored for as long as the newsletter subscription is active.

Other personal data collected during the registration process are usually deleted after a period of seven days.

5. Objection and removal options

The newsletter subscription can be cancelled by the affected user at any time. For this purpose, there is a corresponding link in every newsletter.

This also enables revocation of the consent to store the personal data collected during the registration process.

VI. Registration

1. Description and scope of data processing

On our website we offer users the opportunity to register by providing personal data. The data are entered into an input form and transmitted to us and stored. The data are not disclosed to third parties. The data provided during registration are collected as part of the registration process.
The following data are also stored at the time of registration:

1. The user's IP address
2. Date and time of registration

As part of the registration process, the user's consent to the processing of these data is obtained.

2. Legal basis for data processing

The legal basis for processing the data where the user has given consent is Art. 6(1)(a) GDPR.

If registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for processing the data is Art. 6(1)(b) GDPR.

3. Purpose of data processing

A user's registration is necessary to provide certain content and services on our website.

A user's registration is also necessary to fulfill a contract with the user or to carry out pre-contractual measures.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected.

This applies to the data collected during the registration process when the registration on our website is canceled or changed.

This applies to the data collected during the registration process to fulfill a contract or to carry out pre-contractual measures when the data are no longer necessary for performing the contract. Even after the contract has been concluded, it may be necessary to retain the contracting party's personal data to comply with contractual or legal obligations.

5. Objection and removal options

As a user you can cancel the registration at any time. You can have the data we store about you changed at any time. Contact us using the contact details provided in the imprint for this purpose.
If the data are required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not oppose deletion.

VII. Contact form and e-mail contact

1. Description and scope of data processing

There is a contact form on our website that can be used for electronic contact. If a user uses this option, the data entered in the input form will be transmitted to us and stored.

The following data are also stored at the time the message is sent:

1. The user's IP address
2. Date and time of registration

Your consent is obtained as part of the sending process for processing the data and reference is made to this privacy policy.

Alternatively, contact can be made via the provided e-mail address. In this case, the personal data of the user transmitted with the e-mail will be stored.

No data are shared with third parties in this context. The data are used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for processing the data where the user has given consent is Art. 6(1)(a) GDPR.

The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

3. Purpose of data processing

Processing the personal data from the input form serves solely to handle the contact request. In the case of contact by e-mail, the legitimate interest in processing the data is also necessary for this purpose.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the contact form input mask and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been finally clarified.

The personal data additionally collected during the sending process will be deleted no later than after a period of seven days.

5. Objection and removal options

The user can revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case the conversation cannot be continued.
All personal data stored during the course of contacting us will be deleted in this case.

VIII. Web analysis by Matomo (formerly PIWIK)

Matomo offers various options for web analysis. This tool allows operation without setting cookies and only with anonymized or without IP addresses. Consequently, consent requirements then do not apply. The statement below represents the standard case in which cookies are set.

1. Scope of processing of personal data

We use the open-source software tool Matomo (formerly PIWIK) on our website to analyze the browsing behavior of our users. The software sets a cookie on the users' computers (see cookies above). When individual pages of our website are accessed, the following data are stored:

1. Two bytes of the IP address of the user's calling system
2. The web page accessed
3. The website from which the user reached the accessed web page (referrer)
4. The subpages accessed from the accessed web page
5. The time spent on the web page
6. The frequency of access to the web page

The software runs exclusively on the servers of our website. Personal data of users is stored only there. No transfer of the data to third parties takes place.
The software is configured so that IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g., 192.168.xxx.xxx). In this way, assignment of the shortened IP address to the calling computer is no longer possible.

2. Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is Art. 6(1)(f) GDPR.

3. Purpose of data processing

The processing of users' personal data enables us to analyze users' browsing behavior. By evaluating the collected data we are able to compile information about the use of the individual components of our website. This helps us to continually improve our website and its user-friendliness. Our legitimate interest in processing the data pursuant to Art. 6(1)(f) GDPR lies in these purposes. By anonymizing the IP address, the users' interest in the protection of their personal data is adequately safeguarded.

4. Duration of storage

The data are deleted as soon as they are no longer needed for our recording purposes.

5. Objection and removal options

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore you as a user also have full control over the use of cookies. By changing the settings in your internet browser you can disable or restrict the storage of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, not all functions of the website may be available in full.

IX. Integration of external services

Integration of YouTube videos

We embed videos of the YouTube service on our website, an offering of Google LLC (Gordon House, Barrow Street, Dublin 4, Ireland). When a video is played, your browser automatically sends data such as IP address, browser type, operating system, date/time and interactions to the YouTube servers. YouTube may also use cookies and similar technologies. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing multimedia content). Because YouTube sets tracking cookies, we obtain your consent in advance. You can revoke your consent at any time in our cookie settings. Data are transferred to the USA; Google is certified under the EU-US Data Privacy Framework ("Privacy Shield"). For more information see Google's privacy policy at https://policies.google.com/privacy. You have all rights of data subjects under the GDPR.

Integration of Vimeo videos

We embed videos from the Vimeo service on our website. The provider is Vimeo.com, Inc., 330 West 34th Street, New York, NY 10001, USA. As soon as you start such a video, your browser automatically establishes a connection to Vimeo’s servers. In particular, your IP address, information about browser/operating system, date and time of access, and your interactions (e.g. start, pause) are transmitted. Vimeo uses cookies and similar tracking technologies. The embedded player sets, among others, the cookie “vuid” (storage duration ≈ 2 years, purpose = usage statistics) and “player” (≈ 1 year, purpose = storing your player settings); further technically necessary cookies may be added, e.g. for bot protection.
The legal basis for the embedding is Art. 6(1)(f) GDPR (legitimate interest in an appealing, multimedia presentation of our offerings). Since the Vimeo player can set cookies for reach and usage analysis, we obtain your express consent pursuant to Art. 6(1)(a) GDPR before loading the player. You can revoke this consent at any time in the cookie settings of our website with effect for the future.
By using the player, personal data are transferred to the USA. Vimeo participates in the EU-US Data Privacy Framework and is thus certified for transatlantic data transfer under Art. 45 GDPR.
For more information on data processing by Vimeo, see the provider’s privacy policy at https://vimeo.com/privacy. You have all data subject rights under the GDPR (access, rectification, erasure, restriction of processing, data portability, complaint to a supervisory authority).

Embedding of Google Maps

On our website we use the Google Maps mapping service from Google LLC (Gordon House, Barrow Street, Dublin 4, Ireland). With every map request your browser automatically transmits data such as IP address, browser type, geolocation data (if allowed), date/time and cookies to Google’s servers. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in an interactive map presentation). Your prior consent is required because Google Maps may set tracking cookies. You can revoke consent in our cookie settings at any time. Data are transferred to the USA; Google is certified under the EU-US Data Privacy Framework. More information: https://policies.google.com/privacy. Data subject rights: access, rectification, erasure, restriction of processing, data portability, objection.

Embedding of OpenStreetMap

Our website uses OpenStreetMap, provided by the OpenStreetMap Foundation (65 Leazes Park Road, Newcastle upon Tyne, NE1 4PF, United Kingdom). When loading the map, only map data (tile images, scripts) are retrieved from the OpenStreetMap server; personal data are only collected if you consent to your device’s location sharing. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in map presentation). OpenStreetMap does not set tracking cookies, so no consent is required. The servers are located in Europe; no transfer to third-country servers takes place. More information: https://osmfoundation.org/wiki/Privacy_Policy. Data subject rights: access, rectification, erasure, restriction of processing, data portability, objection.

Embedding of tawk.to chat

On our website we use the live chat service tawk.to, a service of tawk.to Inc. (187 East Warm Springs Rd, SB298, Las Vegas, Nevada 89119, USA). When the chat widget loads, data such as IP address, browser type, operating system, date/time of access and, if applicable, location data and cookies are automatically transmitted to tawk.to. Processing is based on Art. 6(1)(f) GDPR (legitimate interest in direct user communication). Because tawk.to sets cookies, your consent for this is required and can be revoked at any time via our cookie banner. Data transfer to the USA occurs with tawk.to’s participation in the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. For more information see tawk.to’s privacy policy at https://www.tawk.to/privacy-policy/. You have the rights provided by the GDPR (access, rectification, erasure, restriction of processing, data portability, objection).

Embedding of Google Fonts

We use fonts (“Google Web Fonts”) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website to improve readability and the consistent appearance of our pages. Font files are only loaded after you have explicitly consented to the corresponding category (“Fonts/External Media”) via our consent banner. Only after your consent does your browser connect to the domains fonts.googleapis.com and fonts.gstatic.com; in doing so your IP address and certain technical information (e.g. browser type, operating system and referrer URL) are transmitted to Google in the USA. The legal basis for this data processing is your voluntary consent pursuant to Art. 6(1)(a) GDPR, which is given exclusively for the stated purpose. You can revoke your consent at any time with effect for the future by clicking “Change settings” in the cookie banner or by deleting the corresponding cookies in your browser. Details on storage duration and scope of the data processed by Google can be found in Google’s privacy policy at https://policies.google.com/privacy. For more information about your rights and general data protection notes, please refer to the other sections of this privacy policy.

Embedding of Google Analytics (GA4)

Based on your consent (Art. 6(1)(a) GDPR) we use the web analytics tool Google Analytics version 4. Service provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for Europe Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland acts. The purpose of processing is to statistically analyze user behavior on our website, measure reach and continuously optimize our content.
For this purpose Google Analytics stores, among other things, device and browser information, pseudonymized user IDs, pages viewed, time on site, click paths, coarse location data and events defined by us (e.g. scroll depth or video views). The IP address is shortened (so-called IP anonymization) within the EU/EEA before any further processing, so that no direct personal reference remains.
The collected information may be transferred to and processed on Google’s servers in the USA. Google bases these transfers on the EU Standard Contractual Clauses; in addition, there is a data processing agreement with Google pursuant to Art. 28 GDPR. By default, user and event data are retained for 14 months and then automatically deleted or anonymized; deviating retention periods have been documented by us in the Google Analytics interface.
You can revoke your consent at any time with effect for the future by disabling the “Statistics” category in our cookie banner. In addition, Google offers a browser add-on to disable Google Analytics https://tools.google.com/dlpage/gaoptout. The lawfulness of processing carried out up to revocation remains unaffected.

X. Rights of the data subject

If personal data about you are processed, you are a data subject within the meaning of the GDPR and have the following rights against the controller:

1. Right of access

You may request from the controller confirmation as to whether personal data concerning you are being processed by us.
If such processing exists, you may request from the controller information about the following:

1. the purposes for which the personal data are processed;
2. the categories of personal data that are being processed;
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
4. the intended duration for which the personal data concerning you will be stored or, if specific information is not possible, the criteria used to determine the storage period;
5. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. all available information about the source of the data, where the personal data are not collected from you;
8. the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and - at least in those cases - meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you.

You have the right to obtain information about whether the personal data concerning you are transferred to a third country or to an international organization. In that connection you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.
Your right of access, in the case of AI-based data processing, extends to processing activities and the functionalities of the AI systems used for data processing.

2. Right to rectification

You have the right to obtain from the controller the rectification and/or completion of personal data concerning you if the processed personal data concerning you are inaccurate or incomplete. The controller shall take every reasonable step to ensure that the rectification is carried out without undue delay.
Your right to rectification may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.

3. Right to restriction of processing

Under the following conditions you may request the restriction of processing of personal data concerning you:

1. where you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
2. where the processing is unlawful and you oppose the erasure of the personal data and request instead the restriction of their use;
3. where the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
4. where you have objected to processing pursuant to Art. 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning you has been restricted, such personal data - other than storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where the restriction of processing is lifted in accordance with the aforementioned conditions, you will be informed by the controller prior to lifting the restriction.
Your right to restriction of processing may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.

4. Right to erasure

a) Obligation to erase

You may request that the controller erase personal data concerning you without undue delay, and the controller shall be obliged to erase such personal data without undue delay where one of the following grounds applies:

1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You withdraw consent on which the processing pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR was based, and there is no other legal ground for the processing.
3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
4. The personal data concerning you have been processed unlawfully.
5. The erasure of the personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.
6. The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

b) Information to third parties

If the controller has made public the personal data concerning you and is obliged pursuant to Art. 17(1) GDPR to erase them, the controller, taking into account the available technology and the implementation costs, shall take reasonable measures, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested the erasure of all links to those personal data or of copies or replications of those personal data.

c) Exceptions

The right to erasure does not exist to the extent that the processing is necessary

1. for the exercise of the right to freedom of expression and information;
2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
5. for the establishment, exercise or defence of legal claims.

5. Right to be informed

Where you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller shall communicate the rectification or erasure of the personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about those recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where

1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and
2. the processing is carried out by automated means.

In exercising this right you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others shall not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

If personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for those purposes.

You have the option, in connection with the use of information society services - without prejudice to Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.

You also have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR.

Your right to object may be restricted insofar as it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

8. Right to withdraw the data protection consent

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

1. is necessary for entering into or performance of a contract between you and the controller,
2. is authorised by Union or Member State law to which the controller is subject and which provides for suitable measures to safeguard your rights and freedoms and legitimate interests, or
3. is based on your explicit consent.

However, such decisions must not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard the rights and freedoms and your legitimate interests have been taken.

In relation to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which shall include at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.