Privacy Policy

 

Data protection

I. Name and address of the person responsible and the supervisory authority

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Robert Hyde
H.-H.-Meier-Allee 51
28213 Bremen
Germany
Email: rob@rob-hyde.com
Website: www.rob-hyde.com

The supervisory authority responsible for the person responsible is

The State Commissioner for Data Protection and Freedom of Information of the Free Hanseatic City of Bremen
Arndtstrasse 1
27570 Bremerhaven
Tel.: 0471 596 2010 or 0421 361 2010
Fax: 0421 496 18495
Email: office@datenschutz.bremen.de

 

II. Terms
Our privacy policy should be easy to read and understand. For this reason, the terms used in this declaration are explained first.

We use the following terms, among others, in this data protection declaration and on our website:

 

1. Personal Data
Personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject"). A natural person is considered to be identifiable if, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

 2. Data Subject
Affected person is any identified or identifiable natural person whose personal data is processed by the person responsible for processing.

3. Processing
Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as collecting, recording, organizing, organizing, storing, adapting or changing, reading out, querying, using, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.

4. Profiling
Profiling is any type of automated processing of personal data, which consists in using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal Analyze or predict that natural person’s preferences, interests, reliability, behavior, whereabouts or relocation.

5. Controller or data controller
The person responsible or responsible for processing is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his naming can be provided for by Union law or the law of the Member States.

6. Processors
Processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the person responsible.

7. Recipient
Recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

8. Consent
Consent is any expression of will voluntarily given by the data subject in an informed manner and unequivocally for the specific case in the form of a declaration or other clear confirmatory action with which the data subject indicates that they consent to the processing of their personal data is.

I. General information on data processing
1. Scope of processing of personal data
In principle, we only collect and use personal data from our users to the extent that this is necessary to provide a functioning website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

Our website is not directed to minors and we do not knowingly collect personal information from minors.

If persons under the age of 16 transmit personal data to us, this is only permitted if the legal guardian has consented or has consented to the consent of the young person. For this purpose, according to Art. 8 Para. 2 DSGVO, we must be given the contact details of the legal guardian in order to convince us of the consent or the consent of the legal guardian. This data and the data of the minor will then be processed in accordance with this data protection declaration.

If we discover that a minor under the age of 16 has sent us personal data without the consent of the legal guardian or the consent of the minor, we will delete the data immediately.


2. Legal basis for processing personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 Paragraph 1 Letter f GDPR serves as the legal basis for the processing.

Pursuant to Article 21 GDPR, the data subject has the right, for reasons arising from his particular situation, to object at any time to the processing of personal data relating to him, which is based on Article 6 Paragraph 1 f GDPR (data processing on the basis of a weighing of interests) takes place to lodge an objection. If the data subject files an objection, the person responsible will no longer process his or her personal data, unless the person responsible can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert or exercise or defense of legal claims. The objection can be made in any form and can be addressed to the contact details given under Section I.

 

3. Data Erasure and Storage Duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

II. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected here:

(1) Information about the browser type and version used
(2) The user's operating system
(3) The user's internet service provider
(4) The IP address of the user
(5) Date and time of access

2. Legal basis for data processing
The legal basis for the temporary storage of the data is Art. 6 Para. 1 lit. f GDPR.


3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f GDPR also lies in these purposes.

Pursuant to Article 21 GDPR, the data subject has the right at any time, for reasons arising from his or her particular situation, to object to the processing of personal data relating to him or her, which is based on Article 6 Paragraph 1 f) GDPR (data processing on the basis a weighing of interests) takes place to file an objection. If the data subject files an objection, the person responsible will no longer process his or her personal data, unless the person responsible can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert or exercise or defense of legal claims. The objection can be made informally and should be addressed to the contact details given under Section I.

If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.


4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

 

5. Possibility of objection and elimination

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

I.Use of Cookies


1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.

When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and are referred to this data protection declaration. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings.

When accessing our website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. In this context, there is also a reference to this data protection declaration.

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 Para. 1 lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 Para. 1 lit. a GDPR if the user has given their consent.

3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change.

The user data collected by technically necessary cookies are not used to create user profiles.

Our legitimate interest in the processing of personal data in accordance with Article 6 (1) (f) GDPR also lies in these purposes.

Pursuant to Article 21 GDPR, you have the right at any time, for reasons arising from your particular situation, to object to the processing of personal data relating to you, which is based on Article 6 Paragraph 1 f GDPR (data processing on the basis of a balance of interests) takes place to lodge an objection.


4. Duration of storage, possibility of objection and removal
Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

The respective browser information can be found, for example, under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
https://support.mozilla.org/de/kb/cookies-allow-and-reject
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Opera: http://help.opera.com/Windows/10.20/de/cookies.html

I. Contact form and email contact

1. Description and scope of data processing
There is a contact form on our website which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved. These dates are:

•    Surname
•    E-mail address
• Subject and message
At the time the message is sent, the following data is also stored:
• The IP address of the user
• Date and time of registration

Alternatively, contact via the provided e-mail address (so-called mailto link) is possible. In this case, the user's personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

2. Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an email is Article 6 Paragraph 1 Letter f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

3. Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the contact. If contact is made by e-mail, this is also the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Possibility of objection and elimination
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. You can send the objection informally to the e-mail address given under "Responsible".

All personal data that was saved in the course of making contact will be deleted in this case.

 

I. Hosting
This website is hosted by an external service provider. Personal data collected on this website is stored on the host's servers. This can be v. a. IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para 1 lit. f GDPR).

Our hoster will only process your data to the extent that this is necessary to fulfill its performance obligations and will follow our instructions in relation to this data.

We use the following hoster: Wix.com Ldt.

In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

II. Google Web Fonts

1. Description and scope of data processing
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly. For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website was accessed via your IP address. If your browser does not support web fonts, a standard font will be used by your computer.

2. Legal basis for data processing
The use of Google Web Fonts takes place on the basis of consent within the meaning of Article 6 (1) (a) GDPR. The consent can be revoked at any time

3. Purpose of data processing
We use Google Web Fonts to display our content correctly and graphically appealing across browsers and to enable fast surfing.

You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's data protection declaration: https://policies.google.com/privacy?hl=de.

III. Google Tag Manager
1. Description and scope of data processing
The Google Tag Manager is a tool that we can use to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not save any cookies and does not carry out any independent analyses. It is only used for the administration and display of the tools integrated via it.

Google Tag Manager processes personal data in the form of your IP address. Further information on data processing by Google can be found in the Google Tag Manager terms of use: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/ and in Google’s data protection declaration: https://policies .google.com/privacy?hl=de

In order to ensure data protection-compliant processing, we have concluded an order processing contract with Google for the use of Google Tag Manager.

2. Legal basis for data processing
The legal basis for the processing of personal data using Google Tag Manager is the user's consent in accordance with Article 6(1)(a) GDPR. The consent can be revoked at any time without affecting the legality of the processing carried out on the basis of the consent up to the revocation.

 

3. Purpose of data processing
We use Google Tag Manager to load tools such as Google Analytics or Google Maps after consent has been given.

4. Duration of storage
Data stored by Google at the user and event level that is linked to cookies, user IDs (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are stored after 14 months at the earliest anonymized or deleted. You can find details on this under the following link: https://support.google.com/analytics/answer/7667196?hl=de


I. Social media

Facebook
Our website uses a button and links to the Facebook network (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA). The button is marked with the Facebook logo. However, this is not a social plugin, but a button with a stored link. The button or link must be activated (clicked) separately by the user. As long as these are not clicked on, no data will be transmitted to Facebook. Only when the user clicks on the button or link and thus declares his consent to communication with the server of the social network does the button/link become active and the connection is established. The user is then no longer on our website. Facebook receives information that the user has reached the Facebook login page from our website. It is not known whether, and if so for what purpose, Facebook is able to combine this information into a user profile.

If the user wants to avoid Facebook receiving data via the link, he may not click on this button/link.

We have no influence on the data and data processing operations collected by Facebook and are not responsible for this data processing and in this regard also not responsible within the meaning of the GDPR. We are also not aware of the full scope of the data collection, its legal basis, the purposes and the storage periods. Therefore, the information provided here is not necessarily complete.

To our knowledge, the provider Facebook stores this data in usage profiles, which it uses for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about the user's activities on our website. The user has the right to object to the creation of these user profiles. In order to exercise this right of objection, he must contact Facebook. The purpose and scope of the data collection and the further processing and use of the data by the respective social network as well as your rights in this regard and setting options for protecting your privacy can be found in the information on Facebook at http://www.facebook.com/about/privacy.
LinkedIn
Our website uses a button and links to the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. However, this is not a social plugin, but a button with a stored link. The button or link must be activated (clicked) separately by the user. As long as these are not clicked on, no data will be transmitted to LinkedIn. Only when the user clicks on the button or link and thus declares his consent to communication with the server of the social network does the button/link become active and the connection is established. The user is then no longer on our website. LinkedIn receives information that the user has reached the LinkedIn login page from our website.

If the user wants to avoid LinkedIn receiving data via the link, he/she may not click on this button/link.

We have no influence on the data and data processing operations collected by LinkedIn and are not responsible for this data processing and in this regard also not responsible within the meaning of the GDPR. We are also not aware of the full scope of the data collection, its legal basis, the purposes and the storage periods. Therefore, the information provided here is not necessarily complete.
For more information, see LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

Twitter
Our website uses a button and links to the Twitter network. Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). An overview of the Twitter buttons and their appearance can be found here: https://about.twitter.com/en_us/company/brand-resources.html However, this is not a social plugin, but a button with a stored Link. The button or link must be activated (clicked) separately by the user. As long as these are not clicked on, no data will be transmitted to LinkedIn. Only when the user clicks on the button or link and thus declares his consent to communication with the server of the social network does the button/link become active and the connection is established. The user is then no longer on our website. LinkedIn receives information that the user has reached the Twitter login page from our website.

If the user wants to avoid Twitter receiving data via the link, he/she may not click on this button/link.

We have no influence on the data and data processing operations collected by LinkedIn and are not responsible for this data processing and in this regard also not responsible within the meaning of the GDPR. We are also not aware of the full scope of the data collection, its legal basis, the purposes and the storage periods. Therefore, the information provided here is not necessarily complete.


I. Rights of the data subject
If personal data is processed by you, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
1. Right to information
You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.
If such processing is present, you can request information from the person responsible for the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information about the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

 

2. Right to Rectification
You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

3. Right to restriction of processing
Under the following conditions, you can request the restriction of the processing of your personal data:
(1) if you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of the personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed.
If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

 

4. Right to erasure

a) Obligation to delete

You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based pursuant to Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR and there is no other legal basis for the processing.
(3) You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.
(4) The personal data concerning you was processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
(6) The personal data concerning you was collected in relation to information society services offered pursuant to Article 8 (1) GDPR.

b) Information to third parties

If the person responsible has made the personal data relating to you public and is obliged to delete it in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, to protect the person responsible for data processing, taking into account the available technology and the implementation costs , who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to erasure does not exist if processing is necessary

(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller became;
(3) for reasons of public interest in the field of public health in accordance with Article 9 (2) lit. h and i and Article 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Para
(5) to assert, exercise or defend legal claims.

5. Right to Information
If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the person responsible.

 

6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that

(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.

The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.

 

7. Right to Object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.

 

8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

9. Automated individual decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the person responsible,
(2) is permitted by law of the Union or the Member States to which the person responsible is subject and this law contains appropriate measures to protect your rights and freedoms and your legitimate interests or
(3) with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9 Paragraph 1 GDPR unless Article 9 Paragraph 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to challenge the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates violates the GDPR.

The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.