Imprint & Privacy of neo WP

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is the person named in the Impressum.

II. General Information on Data Processing

1. Scope of processing of personal data

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users regularly takes place only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal provisions.

2. Legal basis for the processing of personal data

If we obtain consent from the data subject for processing operations of personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6(1)(d) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override that interest, Art. 6(1)(f) GDPR serves as the legal basis for the processing.

3. Data Deletion and Storage Period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Further storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for contract conclusion or contract performance.

III. Provision of the Website and Creation of Log Files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling device.

The following data is collected:

1. Information about the browser type and the version used
2. The user’s operating system
3. The user’s Internet service provider
4. The user’s IP address
5. Date and time of access
6. Websites from which the user’s system reached our website
7. Websites that are accessed by the user’s system via our website

The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Storage in log files is carried out to ensure the functionality of the website. In addition, we use the data to technically optimize the website and to ensure the security of our information technology systems. The data are not analyzed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

4. Duration of storage

The data are deleted as soon as they are no longer necessary for achieving the purpose for which they were collected. In the case of collecting data to provide the website, this is when the respective session has ended.
In the case of storing data in log files, this is the case after at most seven days. Further storage beyond that is possible. In such a case, the users' IP addresses will be deleted or anonymized so that an assignment to the requesting client is no longer possible.

5. Objection and removal option

Collecting the data to provide the website and storing the data in log files is strictly necessary for operating the website. Therefore the user has no right to object.

IV. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the web browser or by the web browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is revisited.
We use cookies to make our website functional. Some elements of our website require that the requesting browser can still be identified after a page change.
The following data is stored and transmitted in the cookies:

1. Language settings
2. Items in a shopping cart
3. Log-in information

We also use cookies on our website that allow analysis of users' browsing behavior.
In this way the following data can be transmitted:

1. Search terms entered
2. Frequency of page views
3. Use of website functions

When our website is accessed, the user is informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. In this context a reference to this privacy policy is also made.

2. Legal basis for data processing

The legal basis for processing personal data using cookies for analytical purposes is, if the user has given consent, Art. 6 para. 1 lit. a GDPR.
The legal basis for processing personal data using technically necessary cookies is otherwise Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to enable users to use websites. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser can be recognized again after navigating to another page.
We need cookies for the following applications:

1. Shopping cart
2. Adoption of language settings
3. Log-in information

The user data collected by technically necessary cookies is not used to create user profiles.
The use of analytical cookies is for the purpose of improving the quality of our website and its content. Through analytical cookies we learn how the website is used and can continuously optimize our offering.
These purposes also constitute our legitimate interest in the subsequent processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.

4. Duration of storage, objection and deletion options

Cookies are stored on the user’s computer and transmitted by it to our site. Therefore you as a user also have full control over the use of cookies. By changing the settings in your internet browser you can disable or restrict the storage of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, not all functions of the website may be usable to their full extent.

V. Newsletter

1. Description and scope of data processing

On our website there is the option to subscribe to a free newsletter. When registering for the newsletter, the data from the input form is transmitted to us.
In addition, the following data is collected when registering:

1. IP address of the requesting computer
2. Date and time of registration

For the processing of the data, your consent is obtained as part of the registration process and reference is made to this privacy policy.

If you purchase goods or services on our website and provide your email address, we may subsequently use it to send a newsletter. In such a case, the newsletter will contain direct advertising only for our own similar goods or services.

In connection with data processing for sending newsletters, there is no transfer of the data to third parties. The data is used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for processing the data after registration for the newsletter by the user is, if the user has given consent, Art. 6 para. 1 lit. a GDPR.

Legal basis for sending the newsletter as a result of the sale of goods or services is Art. 6(1)(f) GDPR.

3. Purpose of data processing

Collecting the user's email address serves to deliver the newsletter.

Collecting other personal data during the registration process serves to prevent misuse of the services or of the email address used.

4. Duration of storage

Data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. The user's email address is therefore stored as long as the newsletter subscription is active.

Other personal data collected during the registration process are usually deleted after a period of seven days.

5. Objection and removal option

You can cancel the newsletter subscription at any time. For this purpose there is a corresponding link in every newsletter.

This also enables withdrawal of consent to the storage of personal data collected during the registration process.

VI. Registration

1. Description and scope of data processing

On our website we offer users the option to register by providing personal data. The data are entered into an input form, transmitted to us and stored. There is no transfer of the data to third parties. The data provided during registration are collected as part of the registration process.
The following data are also stored at the time of registration:

1. The user’s IP address
2. Date and time of registration

As part of the registration process, the user is asked for consent to the processing of these data.

2. Legal basis for data processing

The legal basis for processing the data, if the user’s consent is present, is Art. 6 para. 1 lit. a GDPR.

If the registration serves to fulfil a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for processing the data is Art. 6(1)(b) GDPR.

3. Purpose of data processing

Registering is necessary to provide certain content and services on our website.

Registering is also necessary to fulfil a contract with the user or to carry out pre-contractual measures.

4. Duration of storage

Data are deleted as soon as they are no longer necessary for achieving the purpose for which they were collected.

This applies to the data collected during the registration process when the registration on our website is cancelled or changed.

This applies to the data collected during the registration process for the performance of a contract or for pre-contractual measures when the data are no longer necessary for performance of the contract. Even after conclusion of the contract, it may be necessary to retain the contract partner’s personal data in order to comply with contractual or legal obligations.

5. Objection and removal option

As a user you can cancel the registration at any time. You can have the data stored about you changed at any time. Contact us for this using the contact details given in the imprint.
If the data are necessary for the performance of a contract or for pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not oppose deletion.

VII. Contact form and e-mail contact

1. Description and scope of data processing

There is a contact form on our website that can be used for electronic contact. If a user uses this option, the data entered in the input mask are transmitted to us and stored.

The following data are also stored at the time the message is sent:

1. The user’s IP address
2. Date and time of registration

Your consent is obtained as part of the sending process for the processing of the data and reference is made to this privacy policy.

Alternatively, contact can be made via the provided e-mail address. In that case the personal data of the user transmitted with the e-mail are stored.

No transfer of the data to third parties takes place in this context. The data are used exclusively to process the conversation.

2. Legal basis for data processing

The legal basis for processing the data, if the user’s consent is present, is Art. 6 para. 1 lit. a GDPR.

The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

The processing of the personal data from the input mask serves us solely to handle the contact. In the case of contact by e-mail there is also the legitimate interest necessary for processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been finally resolved.

The personal data additionally collected during the sending process are deleted at the latest after a period of seven days.

5. Objection and removal option

You can revoke your consent to the processing of personal data at any time. If you contact us by e-mail you can object to the storage of your personal data at any time. In such a case the conversation cannot be continued.
All personal data that was stored during the contact will be deleted in this case.

VIII. Web analysis by Matomo (formerly PIWIK)

Matomo offers various options for web analysis. This tool can work without setting cookies and only with anonymized or without IP addresses. Consequently, consent requirements then do not apply. The explanation shown below represents the standard case in which cookies are set.

1. Scope of processing of personal data

We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software sets a cookie on the users’ computer (see cookies above). When individual pages of our website are accessed, the following data are stored:

1. Two bytes of the IP address of the user’s calling system
2. The page accessed
3. The website from which the user reached the accessed page (referrer)
4. The subpages that are accessed from the accessed page
5. The duration of stay on the page
6. The frequency of access to the page

The software runs exclusively on the servers of our website. Personal data of users is stored only there. No transfer of the data to third parties takes place.
The software is configured so that IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way it is no longer possible to assign the shortened IP address to the calling computer.

2. Legal basis for the processing of personal data

The legal basis for the processing of users’ personal data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The processing of users’ personal data enables us to analyze the surfing behavior of our users. By evaluating the data collected we are able to compile information about the usage of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. Our legitimate interest in processing the data pursuant to Art. 6 para. 1 lit. f GDPR lies in these purposes. By anonymizing the IP address the users’ interest in the protection of their personal data is sufficiently taken into account.

4. Duration of storage

The data are deleted as soon as they are no longer needed for our recording purposes.

5. Objection and removal option

Cookies are stored on the user’s computer and transmitted by it to our site. Therefore you as a user also have full control over the use of cookies. By changing the settings in your internet browser you can disable or restrict the storage of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, not all functions of the website may be usable to their full extent.

IX. Integration of external services

Integration of YouTube videos

We embed videos from the YouTube service on our website, an offering of Google LLC (Gordon House, Barrow Street, Dublin 4, Ireland). When a video is played your browser automatically loads data such as IP address, browser type, operating system, date/time and interactions to the YouTube servers. YouTube may also use cookies and similar technologies. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in providing multimedia content). Because YouTube sets tracking cookies we obtain your consent in advance. You can withdraw your consent at any time in our cookie settings. Data is transferred to the USA; Google is certified under the EU-US Data Privacy Framework ("Privacy Shield"). Further information can be found in Google’s privacy policy at https://policies.google.com/privacy. You have all data subject rights under the GDPR.

Integration of Vimeo videos

We embed videos from the Vimeo service on our website. The provider is Vimeo.com, Inc., 330 West 34th Street, New York, NY 10001, USA. As soon as you start such a video, your browser automatically establishes a connection to Vimeo servers. In particular, your IP address, information about browser/operating system, date and time of access, and your interactions (e.g. start, pause) are transmitted. Vimeo uses cookies and similar tracking technologies. The embedded player sets, among others, the cookie “vuid” (storage duration ≈ 2 years, purpose = usage statistics) and “player” (≈ 1 year, purpose = storing your player settings); further technically necessary cookies may be added, e.g. for bot protection.
The legal basis for embedding is Art. 6(1)(f) GDPR (legitimate interest in an appealing, multimedia presentation of our offerings). Since the Vimeo players may set cookies for reach and usage analysis, we obtain your explicit consent pursuant to Art. 6(1)(a) GDPR before loading the player. You can revoke this consent at any time in the cookie settings of our website with effect for the future.
By using the player, personal data are transferred to the USA. Vimeo participates in the EU-US Data Privacy Framework and is thus certified for transatlantic data transfer under Art. 45 GDPR.
Further information on data processing by Vimeo can be found in the provider’s privacy policy at https://vimeo.com/privacy. You have all data subject rights under the GDPR (access, rectification, erasure, restriction of processing, data portability, complaint to a supervisory authority).

Integration of Google Maps

On our website we use the Google Maps mapping service of Google LLC (Gordon House, Barrow Street, Dublin 4, Ireland). With each map request your browser automatically sends data such as IP address, browser type, geolocation data (if permitted), date/time and cookies to Google servers. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in an interactive map presentation). Your prior consent is required because Google Maps may set tracking cookies. You can revoke consent at any time in our cookie settings. Data are transferred to the USA; Google is certified under the EU-US Data Privacy Framework. Further information: https://policies.google.com/privacy. Data subject rights: access, rectification, erasure, restriction of processing, data portability, objection.

Integration of OpenStreetMap

Our website uses OpenStreetMap provided by the OpenStreetMap Foundation (65 Leazes Park Road, Newcastle upon Tyne, NE1 4PF, United Kingdom). When loading the map, only map data (tile images, scripts) are retrieved from the OpenStreetMap server; personal data are only collected if you agree to share your device’s location. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in map presentation). OpenStreetMap does not set tracking cookies, so no consent is required. The servers are located in Europe; no transfer to third countries takes place. Further information: https://osmfoundation.org/wiki/Privacy_Policy. Data subject rights: access, rectification, erasure, restriction of processing, data portability, objection.

Integration of tawk.to chat

On our website we use the live chat service tawk.to, a service of tawk.to Inc. (187 East Warm Springs Rd, SB298, Las Vegas, Nevada 89119, USA). When the chat widget loads, data such as IP address, browser type, operating system, date/time of access and, if applicable, location data and cookies are automatically transmitted to tawk.to. The processing is based on Art. 6(1)(f) GDPR (legitimate interest in direct user communication). Since tawk.to sets cookies, your consent for this is required and can be revoked at any time via our cookie banner. Data transfer to the USA takes place with tawk.to’s participation in the EU-US Data Privacy Framework, the UK Extension to the EU-US DPF and the Swiss-US DPF. Further information is available in tawk.to’s privacy policy at https://www.tawk.to/privacy-policy/. You have the data subject rights governed by the GDPR (access, rectification, erasure, restriction of processing, data portability, objection).

Integration of Google Fonts

We use fonts (“Google Web Fonts”) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland on our website to improve readability and the uniform appearance of our pages. The font files are only loaded after you have explicitly consented to the corresponding category (“Fonts/External Media”) via our consent banner. Only after your consent does your browser connect to the domains fonts.googleapis.com and fonts.gstatic.com; your IP address and certain technical information (e.g. browser type, operating system and referrer URL) are transmitted to Google in the USA. The legal basis for this data processing is your voluntary consent pursuant to Art. 6(1)(a) GDPR, which is given exclusively for the stated purpose. You can revoke your consent at any time with effect for the future by clicking “Change settings” in the cookie banner or deleting the corresponding cookies in your browser. Details on storage duration and scope of the data processed by Google can be found in Google’s privacy policy at https://policies.google.com/privacy. For more information on your rights and general information on data protection, please refer to the other sections of this privacy policy.

Integration of Google Analytics (GA4)

Based on your consent (Art. 6(1)(a) GDPR), we use the web analytics tool Google Analytics version 4. The service provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for Europe Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland acts. The purpose of the processing is to statistically evaluate user behavior on our website, measure reach and continuously optimize our content.
For this purpose Google Analytics stores, among other things, device and browser information, pseudonymized user IDs, pages visited, time spent, click paths, rough location data and events defined by us (e.g. scroll depth or video plays). The IP address is shortened (so-called IP anonymization) before any further processing within the EU or EEA so that no direct personal reference remains.
The collected information may be transferred to and processed on Google servers in the USA. Google relies on the EU Standard Contractual Clauses for these transfers; in addition, there is a contract with Google on order processing pursuant to Art. 28 GDPR. By default, user and event data are stored for 14 months and then automatically deleted or anonymized; deviating retention periods have been documented by us in the Google Analytics interface.
You can revoke your consent at any time with effect for the future by deactivating the “Statistics” category in our cookie banner. Google also offers a browser add-on to disable Google Analytics at https://tools.google.com/dlpage/gaoptout. The lawfulness of processing carried out up to the time of revocation remains unaffected.

X. Rights of the data subject

If personal data about you are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right of access

You can ask the controller for confirmation as to whether personal data concerning you are being processed by us.
If such processing exists, you can request the following information from the controller:

1. the purposes for which the personal data are processed;
2. the categories of personal data that are processed;
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
4. the intended duration of storage of the personal data concerning you or, if specific information cannot be provided, the criteria used to determine the storage period;
5. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. all available information about the source of the data, if the personal data were not collected from you;
8. the existence of automated decision‑making including profiling pursuant to Art. 22(1) and (4) GDPR and at least in those cases meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you.

You have the right to request information about whether personal data concerning you are transferred to a third country or to an international organization. In this context you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.
Your right of access in relation to AI‑based data processing covers processing activities and the functionalities of the AI systems used for data processing.

2. Right to rectification

You have the right to obtain from the controller the rectification and/or completion of personal data concerning you where the processed personal data concerning you are inaccurate or incomplete. The controller shall rectify such data without undue delay.
Your right to rectification may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.

3. Right to restriction of processing

Under the following conditions you may request the restriction of processing of personal data concerning you:

1. when you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use;
3. the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defence of legal claims; or
4. when you have objected to processing pursuant to Art. 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override yours.

Where processing of personal data concerning you has been restricted, such data - aside from their storage - shall only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where the restriction of processing has been lifted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
Your right to restriction of processing may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.

4. Right to erasure

a) Obligation to delete

You may request that the controller erase personal data concerning you without undue delay and the controller shall be obliged to erase such data without undue delay where one of the following grounds applies:

1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You withdraw your consent on which the processing pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR was based, and there is no other legal ground for the processing.
3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
4. The personal data concerning you have been processed unlawfully.
5. The erasure of the personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
6. The personal data concerning you were collected in relation to information society services offered pursuant to Article 8(1) GDPR.

b) Information to third parties

If the controller has made public the personal data concerning you and is obliged pursuant to Article 17(1) GDPR to erase them, they shall, taking into account available technology and the cost of implementation, take reasonable measures, including technical measures, to inform controllers who process the personal data that you as the data subject have requested the erasure of all links to, or copies or replications of, those personal data.

c) Exceptions

The right to erasure does not apply to the extent that the processing is necessary

1. for the exercise of the right to freedom of expression and information;
2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
5. for the establishment, exercise or defense of legal claims.

5. Right to be informed

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller shall communicate the rectification or erasure of the personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about those recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, provided that

1. the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
2. the processing is carried out by automated means.

In exercising this right you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right, on grounds relating to your particular situation, at any time to object to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

If personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.

You have the option, in connection with the use of information society services - without prejudice to Directive 2002/58/EC - to exercise your right to object by automated means that use technical specifications.

You also have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR.

Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the performance of those research or statistical purposes.

8. Right to withdraw the data protection consent

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

1. is necessary for entering into or performing a contract between you and the controller,
2. is authorised by Union or Member State law to which the controller is subject and that law provides for appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
3. is based on your explicit consent.

However, such decisions may not be based on special categories of personal data pursuant to Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and appropriate measures to safeguard the rights and freedoms as well as your legitimate interests have been taken.

In the cases referred to in (1) and (3) the controller shall implement suitable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention by the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.