« Back | Start » Data Protection Policy

Data Protection Policy according to GDPR

  1. Name and address of the data controllerThe data controller as defined by the General Data Protection Regulation (GDPR) and other national data protection legislation of the EU member states as well as other statutory data protection regulations is:

    Echterhage Holding GmbH & Co. KG
    Hönnestraße 45
    58809 Neuenrade
    Germany
    Tel.: +49 (0) 23 94 / 6 16 - 62
    E-Mail:
  2. Name and address of the Data Protection OfficerThe data controller’s Data Protection Officer is:
    Sarah Spieker
    Echterhage Holding GmbH & Co. KG
    Hönnestraße 45
    58809 Neuenrade
    Germany
    Tel.: +49 (0) 23 94 / 61 6 - 673
    E-Mail:
    Webseite: www.e-holding.de
  3. General information on data processing
    1. Scope of the processing of personal dataIn principle, we collect and use the personal data of our users only insofar as this is required to provide a functioning website as well as our content and services. The collection and use of the personal data of users takes place regularly only with the consent of the user. An exception to this applies in such cases where the obtaining of such consent is not possible for practical reasons and the processing of data is permitted by statutory regulations.
    2. Legal basis for the processing of personal dataIf we ask a data subject for consent to use his or her personal data for processing operations, point (a) of Article 6(1) EU General Data Protection Regulation (GDPR) serves as the legal basis. When it is required that we process personal data to perform a contract to which the data subject is a party, point (b) of Article 6(1) GDPR serves as the legal basis. This also applies to processing operations that are required to carry out pre-contractual measures. If we are required to process personal data to fulfil a legal obligation to which our company is subject, point (c) of Article 6(1) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, point (d) of Article 6(1) GDPR serves as the legal basis. If processing is required to safeguard a legitimate interest of our company or a third-party and the interests, constitutional rights and fundamental freedoms of the data subject do not outweigh the first-named interest, point (f) of Article 6(1) GDPR serves as the legal basis for the processing.
    3. Erasure of data and duration of storageThe personal data of the data subject is erased or blocked as soon there is no longer a purpose for storage. Storage can take place beyond this if it is provided for by Union law directives, laws or other regulations by European or national legislators to which the controller is subject. Data is also blocked or erased if a retention period prescribed by the standards mentioned expires, unless there exists a requirement for further storage of the data for the conclusion of a contract or the performance of a contract.
    4. Protection of transfer by means of SSL/TLS encryptionThis website uses SSL or TLS encryption for security reasons and to protect the transfer of confidential content. The encrypted connection is guaranteed by the hypertext transfer protocol HTTPS (“https://”). In this instance, data which is transmitted to us by a user cannot be read by third parties.
  4. Provision of website and generation of log files
    1. Description and scope of the data processing
      1. Description and scope of the data processingOur website is located on servers of domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany (hoster). Every time our website is accessed, the hoster's system automatically captures data and information on the computer system of the accessing computer. The following data is collected:

        (1) Information about the browser type and the version used,
        (2) The user’s operating system,
        (3) The user’s IP address,
        (4) Date and time of access.

        The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
      2. Legal basis for the data processingThe legal basis for the temporary storage of data and the log files is point (f) of Article 6(1) GDPR.
      3. Purpose of the data processingThe temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. The user’s IP address must be stored for the duration of the session. The storage in log files is carried out to ensure the functioning of the website. In addition, the data serves to optimise the website and to ensure the security of our IT systems. An analysis of the data for marketing purposes does not take place in this context. These purposes include our legitimate interest in the data processing pursuant to point (f) Article 6(1) GDPR.
      4. Duration of storageThe data is deleted as soon as it is no longer required to achieve the purpose of its collection. This happens when the particular session has ended, in the event of data being captured for the provision of the website. When data is stored in log files, it is deleted after seven days at the latest. It is possible for data to be stored beyond this point. In this instance, the IP addresses of users are erased or anonymized, so that an association with the accessing client is no longer possible.
      5. Objection and removal optionThe capture of data to provide the website and the storage of data in files is an absolute requirement needed for the operation of the website. Consequently, there is no opt-out option for the user.
  5. Use of cookies
    1. Description and scope of the data processingOur website uses cookies. Cookies are text files that are stored in the web browser or by the web browser on the user’s computer system as at March 2018. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic character string which enables a unique identification of the browser when the website is accessed again.

      We also use cookies on our website that enable an analysis of the surfing behaviour of users. In this way, the following data can be transmitted:

      (1) Frequency of website access,
      (2) Use of website functions.

      The data of users that is collected in this way is pseudonymised using technical measures. Therefore, it is no longer possible to associate the data with the user accessing the website. This data is not stored together with other of the user’s personal data. When our website is accessed, users are notified of the use of cookies for analysis purposes by an info banner and referred to this data protection statement. In this context, information is also given on how the storage of cookies can be prevented in the browser settings.
    2. Legal basis for the data processingThe legal basis for the processing of personal data by using cookies is (f) of Article 6(1) GDPR.
    3. Purpose of the data processing
      The use of analysis cookies is carried out for the purpose of improving the quality of our website and its content. Through the analysis cookies, we find out how the website is used and can therefore constantly optimise our offer. Further information can be found under point ). These purposes include our legitimate interest in the processing of personal data pursuant to point (f) Article 6(1) GDPR.
    4. Duration of storage, objection and removal optionCookies are stored on the user’s computer and transmitted from there to our website. Therefore, as the user, you have full control over the use of cookies. By changing the settings in your web browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be deleted at any time. This can also be carried out automatically. If cookies are deactivated for our website, it is possible that not all of the functions of the website can be used in full.
  6. Contact form and email contact
    1. Description and scope of the data processingA contact form is available on our website, which can be used for making contact with us electronically. If a user takes this option, the data entered in the input mask is transmitted to us and stored. This data is:

      - Name
      - Company
      - Address
      - Country
      - Telephone number
      - Email address
      - Message

      At the time of sending the message, the following data is also stored:

      (1) The user’s IP address
      (2) Date and time
      (3) Information about the browser type and version used
      (4) The user’s operating system

      To process data as part of this sending procedure, your consent is obtained, if required, and you are referred to this data protection statement. The transfer of data is encrypted by means of the SSL or TLS protocol.

      Alternatively, you can contact us using the email address provided. In this instance, the user’s personal data transmitted with the email is stored. Data is not passed on to third parties in this context. Data is used exclusively for the processing of the conversation.
    2. Legal basis for the data processingThe legal basis for the processing of data is the presence of consent by the user pursuant to point (a) of Article 6(1) GDPR. The legal basis for the processing of the data transmitted in the course of sending an email is point (f) of Article 6(1) GDPR. If the purpose of your contact by email is to terminate a contract, the additional legal basis for the processing is pursuant to point (b) of Article 6(1) GDPR.
    3. Purpose of the data processingThe processing of personal data that we obtain from the input mask serves only to enable us to process your contact with us. If you contact us by email, there is also the required legitimate interest in the processing of data. The other personal data processed during the sending procedure serves to prevent misuse of the contact form and to ensure the security of our IT systems.
    4. Duration of storageThe data is deleted as soon as it is no longer required to achieve the purpose of its collection. This is the case for personal data from the input mask of the contact form and the personal data that was sent with the email, if the conversation concerned is finished with the user. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified. The additional personal data collected during the sending procedure is deleted after a period of 14 days.
    5. Objection and removal optionThe user has the option at any time of withdrawing consent to the processing of personal data that concerns him or her. If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. In such an event, the conversation cannot be continued.

      Please send an email to this effect to our Data Protection Officer ().

      All personal data that is stored in the course of your making contact with us is, in this instance, deleted.
  7. Plugins and tools
    1. Website analysis by Matomo (formerly PIWIK)
      1. Scope of the processing of personal data1. We use on our website the open source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. The software places a cookie on the computer of the users. If individual pages of our website are accessed, the following data is stored:

        (1) Two bytes of the IP address of the user’s accessing system
        (2) The website accessed
        (3) The website from which the user has reached the accessed website (referrer)
        (4) The subsites, which are accessed by the accessed website
        (5) The length of time spent on the website
        (6) The frequency of access to the website.

        The software runs exclusively on the servers of our website. The personal data of users is not stored. The data is not passed on to third parties. The software is set so that the IP addresses are not stored completely, but rather 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, an association of the shortened IP address with the accessing computer is no longer possible.
      2. Legal basis for processing personal dataThe legal basis for processing the personal data of users is point (f) of Article 6(1) GDPR.
      3. Purpose of the data processingThe processing of the personal data of users enables us to analyse the surfing behaviour of our users. By analysing the captured data, we are able to compile information on the use of individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes include our legitimate interest in the processing of personal data pursuant to point (f) Article 6(1) GDPR. By analysing the IP address, the interest of users in having their personal data protected is sufficiently accounted for.
      4. Duration of storageThe data is deleted as soon as it is no longer needed for our recording purposes. In our case, this is after 180 days.
      5. Objection and removal optionCookies are stored on the user’s computer and transmitted from there to our website. Therefore, as the user, you have full control over the use of cookies. By changing the settings in your web browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be deleted at any time. This can also be carried out automatically. If cookies are deactivated for our website, it is possible that not all of the functions of the website can be used in full. On our website, we offer our users the option of opting out of the analysis process.



        In this way, a further cookie is placed on your system, which signals our system not to store the user’s data. If, in the meantime the user deletes the particular cookie from our system, he or she must place the opt-out cookie again.
    2. JavaScript jQuery library
      1. Scope of the processing of personal dataThis website uses the JavaScript jQuery library, provided by the third-party provider jQuery Foundation to increase the load speed of our website and to give you a better user experience. This means that it is possible for your data to be processed outside of the EU. We have no influence over the scope of the data collected.
      2. Legal basis for processing personal dataThe legal basis for processing the personal data of users is point (f) of Article 6(1) GDPR
      3. Purpose of the data processingWe have no information on the purpose of the data collection and the further processing and use of the data.
      4. Duration of storageWe cannot give you any information on the duration of any possible storage of transferred data.
      5. Objection and removal optionYou can deactivate JavaScript in your browser settings or completely block the execution of scripts by installing JavaScript blocker, such as the browser plugin “NoScript” (www.noscript.net). This can, however result in function restrictions on websites you visit.
    3. Social media plugins (using “Shariff”)On our website, we offer you the option of using the social media plugins of companies:

      - Facebook Inc., 1601 South California Ave, Palo Alto, CA 94304, USA
      - „Tweet“-Button from Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
      - “+1″-Button from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
      - WhatsApp Inc., 1601 Willow Road, Menlo Park, CA 94025, USA

      To protect your data, we rely on the implementation of the “Shariff” solution. Plugins are displayed on the website only as graphics, which contain a link to the respective website of the plugin provider. By clicking on the graphic, you are forwarded to the particular services of the above-mentioned providers. The Shariff button makes direct contact between the service and the user, if the user actively clicks on the graphic of the particular social media service. The selected service opens in a new window, in which the user (after login, if required) can share or like content. The query is therefore made from the server; instead of the visitor’s IP address, only the server address is transferred to the services. Provided you do not click on the relevant graphic, no exchange of any kind take place between you and the above-mentioned services and no data that concerns you is captured

      More information on the Shariff solution can be found at www.heise.de
    4. Font plugin Font Awesome
      1. Scope of the processing of personal dataThis website uses web fonts for the standard presentation of typefaces, which are provided by Fonticons, Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, US.

        The web fonts are transferred to the browser cache when the website is accessed so that they can be used to display the site. To this end, the browser you use must be linked to the servers of Fonticons, Inc. By doing this, Fonticons, Inc. gains knowledge of the following data:

        (1) Date and time of the visit to the website concerned,
        (2) Web address or URL of the accessed website,
        (3) IP address.
      2. Legal basis for processing personal dataWeb fonts are used in the interest of presenting our website in a uniform and attractive way. This represents a legitimate interest within the meaning of point (f) of Article 6(1) GDPR.
      3. Purpose of the data processingPlease obtain the scope and purpose of the data collection and the further processing and use of the data by Fonticons, Inc. at: www.fontawesome.com/privacy
      4. Duration of storageWe have no influence over the storage of the data transferred through Fonticons, Inc. and cannot give any information about the duration of storage.
      5. Objection and removal optionBy the use of our website, you state that you agree to the processing of the data that concerns you collected by Fonticons, Inc. in the way described above and for the purposes mentioned. If your browser does not support or stops the access of web fonts (e.g. through a script blocker), the text is displayed in a standard font
    5. Font plugin Adobe Typekit
      1. Scope of the processing of personal data This website uses web fonts by the Typekit service by Adobe for the standard display of fonts (https://typekit.com). Adobe Typekit is a service that enables access to a font library and is provided by the company, Adobe Systems Incorporated, 345 Park Avenue, San Jose, California 95110, US.

        When you access a web page, your browser loads the necessary web fonts in your browser cache to display text and fonts correctly. To this end, the browser you use must be linked to the servers of Adobe Typekit. This gives Adobe Typekit knowledge that our website has been accessed via your IP address by means of the following data:

        (1) Date and time of the visit to the website concerned
        (2) Web address or URL of the accessed website
        (3) IP address.
      2. Legal basis for processing personal data Adobe Typekit web fonts are used in the interest of presenting our website in a uniform and attractive way. This represents a legitimate interest within the meaning of point (f) of Article 6(1) GDPR.
      3. Purpose of the data processing Please obtain the scope and purpose of the data collection and the further processing and use of the data from Adobe Typekit's data protection statement: https://www.adobe.com/de/privacy/policies/typekit.html
      4. Transmission to third countries Personal data is transmitted under the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission in the US. You can download the certificate at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
      5. Duration of storage We have no influence over the storage of data transferred through Adobe Typekit and cannot give any information on the duration of storage.
      6. Objection and removal option By the use of our website, you state that you agree to the processing of the data that concerns you collected by Adobe Typekit in the way described above and for the purposes mentioned. If your browser does not support or stops the access of web fonts (e.g. through a script blocker), the text is displayed in a standard font.
    6. Interactive maps by Google Maps
      1. Scope of the processing of personal dataThis website uses Google Maps to display interactive maps and to create travel directions. Google Maps is a map service by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, US. By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, can be transferred to Google. If you download a page on our website that contains Google Maps, your browser makes a direct connection to Google's servers. The map content is transmitted directly by Google to your browser and from there integrated into the website. Therefore, we have no influence over the scope of data collected by Google in this way. As far as we know, the following data, at least, are collected:

        (1) Date and time of the visit to the website concerned,
        (2) Web address or URL of the accessed website,
        (3) IP address,
        (4) (Start) address entered as part of route planning.
      2. Legal basis for processing personal dataThe legal basis for processing the personal data of users is point (f) of Article 6(1) GDPR.
      3. Purpose of the data processingPlease obtain information on the scope and purpose of the data capture and the further processing and use of the data from Google's data protection information at policies.google.com/privacy as well as the instructions for use of Google Maps www.google.com/intl/en_en/help/terms_maps.html.
      4. Transmission to third countriesPersonal data is transmitted under the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission in the US. The certificate can be downloaded at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
      5. Duration of storageWe have no influence over the storage of the data transferred through Google and cannot give any information about the duration of storage.
      6. Objection and removal optionBy the use of our website, you state that you agree to the processing of the data that concerns you collected by Google Maps Route Planner in the way described above and for the purposes mentioned.
        If you do not want Google to process data that concerns you via our website, you can deactivate or block JavaScript. In this instance, however, you cannot use the map displays.
    7. YouTube video integration
      1. Scope of the processing of personal dataOur website uses the internet video portal YouTube of the provider YouTube LLC, 901 Cherry Avenue, San Bruno, California 94066, US, represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, US for integrating videos.

        Usually, if a website is accessed with embedded videos, your IP address is sent to YouTube and cookies are installed on your computer. However, we have integrated our YouTube videos with privacy-enhanced mode (in this instance, YouTube still makes contact with the double-click service by Google, whereby, according to Google's data protection statement, no personal data are analysed). Through this, no information about the visitor is stored by YouTube, unless you watch the video. If you click on the video, your IP address is transmitted to YouTube and YouTube learns that you have seen the video.

        If you are logged into YouTube, this information is associated with your user account (you can prevent this by logging out of YouTube before you download the video).
      2. Legal basis for processing personal dataWe use YouTube in the interest of presenting our technologies and products on our website in an attractive and self-explanatory way, so that we can inform people who are interested in our company comprehensively and in the best way possible. This represents a legitimate interest within the meaning of point (f) of Article 6(1) GDPR.
      3. Purpose of the data processing, duration of storage, objection and removal optionIf you watch the video, we gain no knowledge of any data that may be captured and processed by YouTube, and therefore have no influence over it. You can obtain more detailed information from YouTube’s data protection statement at http://www.google.de/intl/de/policies/privacy/. In addition, we refer you to our general description in this data protection statement for dealing with cookies generally and deactivating them.
  8. Data capture in the application process
    1. Scope of the processing of personal dataAn email address is provided on our website, which can be used for sending your application documents electronically. The data transmitted by email, is stored by us as the recipient and, if required, forwarded to the data controller within the company.
    2. Legal basis for processing personal dataThe legal basis for the processing of application data is the presence of consent by the user pursuant to point (a) of Article 6(1) GDPR.
    3. Purpose of the data processingThe data controller collects and processes personal data from applicants for the purposes of conducting the application process. The processing is carried out through electronic channels, if the applicant, as envisaged, transmits his or her application documents via the relevant application form or by email to the controller. If you send your application by email, there is also the required legitimate interest in the processing of data.
    4. Duration of storageIf the controller concludes an employment contract with an applicant, the data transmitted for the purpose of conducting the employment relationship is stored in compliance with statutory regulations. If the controller has not concluded an employment contract with the applicant, the application documents are automatically erased three months after the rejection decision has been made known, provided that no other legitimate interests conflict with an erasure.
    5. Objection and removal optionWith regard to the application documents sent to us, the rights of the data subject described below apply.
  9. Rights of the data subjectIf personal data that concerns you is processed, you are a data subject within the meaning of the GDPR and you have the following rights with regard to the data controller:
    1. Right of accessYou can request confirmation from the data controller about whether personal data that concerns you is processed by us. If such processing takes place, you can request the following information from the data controller:

      (1) the purposes for which the personal data is processed;
      (2) the categories of personal data that is processed;
      (3) the recipients or categories of recipient to whom the personal data has been or will be disclosed;
      (4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
      (5) the existence of a right to request from the data controller rectification or erasure of personal data, a right to the restriction of processing of personal data concerning the data subject or to object to such processing;
      (6) the existence of a right to complain to a supervisory authority;
      (7) all available information about the origin of the data where the personal data is not collected from the data subject;
      (8) the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and – at least in these instances – meaningful information about the logic involved as well as the consequences and effects aspired to by processing of this kind.

      You have the right to information about whether personal data was transmitted to a third country or to an international organisation. In this connection, you have the right to be informed of suitable guarantees in connection with the transfer pursuant to Article 46 GDPR.
    2. Right to rectificationYou have a right to rectification and/or completion by the controller, provided the processed personal data that concerns you is inaccurate or incomplete. The data controller must carry out the rectification without undue delay.
    3. Right to restrict processingSubject to the following prerequisites, you can request the restriction of processing of the personal data that concerns you:

      (1) if you can test the accuracy of the personal data that concerns you for a period that enables the controller to check the accuracy of the personal data;
      (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
      (3) the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
      (4) if you have objected to processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the data controller override those of the data subject.

      If the processing of the personal data that concerns you is restricted, this data may – apart from its storage – be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of rights of another natural person or legal entity or on grounds of public interest of the Union or a member state. If the restriction of the processing is carried out in accordance with the above-mentioned prerequisites, you are notified by the data controller before the restriction takes place.
    4. Right to erasure
      1. Erasure obligationYou can request that the data controller erases personal data that concerns you without undue delay, and the data controller is obliged to erase this data without undue delay, provided one of the following reasons applies:

        (1) The personal data that concerns you is no longer necessary for the purposes for which it was collected or otherwise processed.
        (2) You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), GDPR and where there is no other legal basis for the processing.
        (3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
        (4) The personal data has been unlawfully processed.
        (5) The personal data has to be erased for compliance with a legal obligation in Union or member state law to which the controller is subject.
        (6) The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
      2. Information given to third partiesIf the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
      3. ExceptionsThe right to erasure does not exist, provided the processing is required

        (1) for exercising the right of freedom of expression and information;
        (2) for compliance with a legal obligation, which requires the processing in accordance with the law of the Union or member states to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
        (3) for reasons of public interest in the area of public health pursuant to point (h) of Article 9(2) and Article 9(3) GDPR;
        (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, provided that the right mentioned under section a) probably makes the realisation of the goals of this processing impossible or seriously impairs it, or
        (5) for the establishment, exercise or defence of legal claims.
    5. Right to notificationIf you have asserted your right to obtain rectification, erasure or restriction of your personal data from the data controller, the controller is obliged to notify all the recipients to whom the personal data affected was disclosed of this rectification or erasure of the data or the restriction of the processing, unless this proves impossible or involves disproportionate effort. You have the right to request that the controller notifies you of these recipients.
    6. Right to data portabilityYou have the right to receive the personal data that concerns you, which you have provided to us, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, provided

      (1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) Article 9(2) GDPR or on a contract pursuant to point (b) Article 6(1) GDPR and
      (2) the processing is carried out by means of automated processes.

      In exercising this right, you have the further right to have the personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by this. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
    7. Right to object7. You have the right for reasons resulting from your special situation to object to the processing of personal data that concerns you, pursuant to point (e) or (f) of Article 6(1) GDPR; this also applies to profiling based on these provisions. The data controller shall no longer process the personal data that concerns you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerned for the purpose of this sort of advertising; this also applies to profiling, provided it is connected to such direct advertising. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. You have the option, in connection with the use of services of the information society – notwithstanding Directive 2002/58/EU – to exercise your right to object by means of automated processes in which technical specifications are used.
    8. Right to withdraw consent regarding data protection lawYou have the right to withdraw your consent regarding data protection law at any time. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent up until the point of withdrawal;
    9. Automated individual decision-making, including profilingYou have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply, if the decision

      (1) is necessary for entering into, or performance of, a contract between the you and the data controller;
      (2) is authorised by Union or member state law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or
      (3) is based on your explicit consent.

      However, decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, provided point (a) or (g) of Article 9(2) do not apply and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the data controller, to express his or her point of view and to contest the decision.
    10. Right to lodge a complaint with a supervisory authorityIf you consider that the processing of personal data relating to you infringes the GDPR, you have, without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the member’s state of your habitual residence, place of work or place of the alleged infringement. The supervisory authority where the complaint was lodged, informs the complainant of the status and results of the complaint including the possibility of judicial remedy pursuant to Article 78 GDPR.
  10. Date of/changes to the data protection statementUsers are requested to keep themselves informed regularly about the contents of the data protection statement.
    1. Changes to the data protection statementWe reserve the right to change this data protection statement to adapt to changed legal positions or changes to the services and the data processing. However, this only applies in respect of statements on data processing. Provided user consents are required or components of the data protection statement contain regulations of the contractual relationship with users, changes are made only with the agreement of users.
    2. Date of the data protection statementThis data protection statement is currently valid as of 06/07/2018.