Data protection statement pursuant to the GDPR, applicable from 25 May 2018

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, other Member State national data protection laws and other provisions under data protection law is:

Perigon GmbH
Kreuzauer Str. 33
52355 Düren
Deutschland
Tel.: 02421 597 500
E-Mail: info@perigon3d.com
Website: www.perigon3d.com

II. General information on data processing

    1. Scope of the processing of personal data

We process our users’ personal data only to the extent that this is required to provide a functional website and our content and services. Our users’ personal data is usually only processed with the user’s consent. An exception applies in those cases where it is not possible to obtain consent in advance for practical reasons or the processing of data is permitted in accordance with statutory provisions.

    2. Legal basis for the processing of personal data

If we obtain consent from the data subject for processing, the legal basis is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR). If the processing of personal data is required to perform a contract to which the data subject is a party, the legal basis is Article 6(1)(b) GDPR. This also applies to processing required to implement pre-contractual measures.
If personal data has to be processed to comply with a legal obligation to which our company is subject, the legal basis is Article 6(1)(c) GDPR.
If the data subject’s or another natural person’s vital interests necessitate the processing of personal data, the legal basis is Article 6(1)(d) GDPR.
If processing is necessary to safeguard our company’s or a third party’s legitimate interest and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, the legal basis for the processing is Article 6(1)(f) GDPR.

    3. Transmission to third countries

If we process data in a third country [i.e. outside the European Union (EU) or the European Economic Area (EEA)], or if this is done as part of using the services of third parties or disclosure or transmission of data to third parties, it will only take place if it is done to fulfil our (pre-)contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. Conditionally upon statutory or contractual permissions, we only process or store the data in a third country if the special conditions of Art. 44 ff. GDPR are met.

    4. Data deletion and storage period

The data subject’s personal data is deleted or blocked once the purpose of storage no longer applies. After this, data may be stored where the European or national legislator provides for this in Union regulations, laws or other provisions to which the controller is subject. Data is also blocked or deleted if a storage period prescribed by the standards mentioned expires, unless it is necessary to continue to store the data for conclusion of a contract or for performance of a contract.

III. Provision of the website and creation of log files

    1. Description and scope of data processing

Every time our website is accessed, our system automatically records data and information from the requesting computer’s system. The following data is collected in the process:

Information on the browser type and the version used
- The user’s operating system
- The user’s internet service provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reaches our website
- Websites that the user’s system accesses via our website
- The data is also stored in our system’s log files. This data is not stored together with the user’s other personal data.

    2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

    3. Purpose of data processing

The system has to store the IP address temporarily to allow the website to be delivered to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session.
Storage in log files serves to ensure the functionality of the website. We also use the data to improve the website and to guarantee the security of our IT systems. The data is not evaluated for marketing purposes in this context.
Our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR also lies in these purposes.

    4. Storage period

Data is deleted once it is no longer required to achieve the purpose of its collection. Where data is recorded in order to provide the website, this is the case when the relevant session ends.
Where data is stored in log files, this is the case after a maximum of thirty days. Further storage is permitted. In such cases, users’ IP addresses will be deleted or distorted such that the data can no longer be assigned to the requesting client.

    5. Opportunity to object and delete

The recording of data to provide the website, and the storage of data in log files, is required to operate the website. The user therefore does not have an opportunity to object.

IV. Use of cookies

    1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored on the internet browser or on the user’s computer system by the internet browser. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a string that allows the browser to be identified clearly when the website is accessed again.

We use cookies to make our website more user-friendly. For some website elements, it must be possible to identify the requesting browser even after the user has moved to a different page.

The following data is stored and transmitted in the cookies:

(1) Protection against cross-site request forgery attacks.
(2) Cookieconsent to monitor cookie setting.

We also use cookies on our website that enable an analysis of the user's surfing behaviour. In this way, the following data can be transmitted:

Necessary Cookies Description Supplier Link Period
SERVERID
Server

language This cookie stores your language preference.



displayedCookies
Notification



1 month
cookiesEnabledCheck


oilD1 day
remote_sidSet as soon as a Youtube video is embedded and/or played on our site. Enables the correct functionality of these Youtube videos.Youtubehttps://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=de&visit_id=637284148116930027-4206355185&rd=1Session duration
oiLocalTimeZone



Browser session

Cookies Typ
Marketing
Description Provider Link Period
IDE
Cookie from Double Click (Google), which allows us to analyse and optimise our advertising campaigns.
Google https://policies.google.com/privacy
1 year
1P_JAR
These cookies track how you use our website to show you advertisements that may be of interest to you.
Google https://policies.google.com/privacy
1 month
Conversion
This cookie stores every conversion you make on our site after coming to us through a Google Ad.
Google https://policies.google.com/privacy
3 months
test-cookie
Cookie from DoubleClick is used to check whether the user's browser supports cookies.
Google https://policies.google.com/privacy
1 day
GPS
Cookie that allows Youtube to track mobile devices based on GPS data.
Youtube https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=de&visit_id=637284148116930027-4206355185&rd=1
30 minutes
_gac_UA-2092954-2
Information about the user. A connection was established between Google Analytics and Google Ads account. Google Ads thus reads cookies to track conversions.
Google
https://policies.google.com/privacy
3 months


Cookies Typ Analysis Description Provider Link Period
_gid
Google Analytics | Registers a unique ID for a website visitor that logs how the visitor uses the website. The data is used for statistics.
Google https://policies.google.com/privacy
1 day
_ga
Google Analytics | Registers a unique ID for a website visitor that logs how the visitor uses the website. The data is used for statistics.
Google https://policies.google.com/privacy
2 years
CONSENT
We offer YouTube videos on our websites. This cookie allows YouTube to collect usage information from YouTube hosted videos.
Youtube/Google
https://policies.google.com/privacy
18 years
YSC
Registers a unique ID to store statistics about which videos from YouTube the user has watched.
Youtube
https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=de&visit_id=637284148116930027-4206355185&rd=1
infinite



Cookies Typ External Provider Description Provider Link Period
_gat_UA-2092954-2
Google Analytics cookie for throttling the number of requests.
Google

https://developers.google.com/analytics/devguides/collection/
analyticsjs/cookie-usage

1 minute
NID

This cookie enables Google to collect usage information from Google Maps hosted mapping services.

Google https://policies.google.com/privacy
1 year
AID
This cookie enables Google to collect usage information from Google Maps hosted mapping services.
Google https://policies.google.com/privacy
3 months
VISITOR_INFO1_LIVE
This cookie allows Youtube to check bandwidth usage.
Youtube
https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=de&visit_id=637284148116930027-4206355185&rd=1
5 months
LOGIN_INFO
This cookie enables YouTube to collect usage information for videos hosted by YouTube.
Youtube
https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=de&visit_id=637284148116930027-4206355185&rd=1
2 years
APISID
Google tracks users' movements extensively, both through its own products and websites and through the wide range of technologies integrated into millions of websites worldwide. Most of the data collected via these services is used to determine the interests of web users. Based on these interest profiles, advertising space is sold to companies. For pages where advertisements from clients appear, these ads are matched with the content of the pages.Youtube/Google
https://policies.google.com/privacy
Session duration


CONSENT
We offer YouTube videos on our websites. This cookie allows YouTube to collect usage information from YouTube hosted videos.
Youtube
https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=de&visit_id=637284148116930027-4206355185&rd=1
18 years
HSID
Used by Google in combination with SID to verify Google user account and last login time.
Youtube/Google
https://policies.google.com/privacy
Session duration
LOGIN_INFO
YouTube collects user data about videos embedded in websites, which is merged with profile data from other Google services. This allows targeted advertising to be displayed to website visitors across a wide range of its own and third-party websites.
Youtube
https://support.google.com/youtube/answer/7671399?=privacy_guidelines&hl=de&visit_id=
637284148116930027-4206355185&rd=1
Session duration


Cookies Typ External Provider
Description Provider Link Period
SAPISID
Google tracks users' movements comprehensively - both via its own products and websites and with the help of the diverse technologies integrated into millions of websites worldwide.
Youtube
https://policies.google.com/privacy
1 year
SID
Google uses cookies such as the NID and SID cookies to customise advertising in Google products such as Google Search. For example, we use such cookies to record your recent searches, your previous interactions with an advertiser's ads or search results, and your visits to an advertiser's website. This allows us to show you individually tailored advertising on Google.
Youtube/Google
https://policies.google.com/privacy
Session duration
SIDCC
Used to store information about how you use the website and what advertisements you have seen before visiting this website, and to customise advertising on Google resources by remembering your recent searches, your previous interactions with an advertiser's ads or search results, and your visits to an advertiser's website.
Youtube/Google
https://policies.google.com/privacy
Session duration
SSID
Google tracks users' movements extensively - both via its own products and websites and with the help of the diverse technologies integrated into millions of websites worldwide. Most of the data collected via these services is used to determine the interests of web users. Based on these interest profiles, advertising space is sold to companies. For pages where advertisements from clients appear, these ads are matched with the content of the pages.
Youtube/Google
https://policies.google.com/privacy
1 year
__Secure-3PAPISID
Used for targeting purposes to profile the interests of website visitors in order to display relevant and personalised Google advertising.
Youtube/Google
https://policies.google.com/privacy
2 years
__Secure-3PSID
Used for targeting purposes to profile the interests of website visitors in order to display relevant and personalised Google advertising.
Youtube/Google
https://policies.google.com/privacy
2 years
__Secure-APISID
Used for targeting purposes to profile the interests of website visitors in order to display relevant and personalised Google advertising.
Youtube/Google
https://policies.google.com/privacy
1 month
__Secure-HSID
Used for security purposes to store digitally signed and encrypted records of a user's Google Account ID and last login time, enabling Google to authenticate users, prevent fraudulent use of login credentials and protect user data from unauthorised parties. This can also be used for targeting purposes to display relevant and personalised advertising content.
Youtube/Google
https://policies.google.com/privacy
1 month
__Secure-SSID
Used to store information about how you use the website and what advertisements you have seen before visiting this website, and to customise advertising on Google resources by remembering your recent searches, your previous interactions with an advertiser's ads or search results, and your visits to an advertiser's website.
Youtube/Google
https://policies.google.com/privacy
1 month

    2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6(1)(f) GDPR.

    3. Purpose of data processing

The purpose of using technically necessary cookies is to make it easier for users to use websites. Some functions on our website cannot be offered if cookies are not used. For these, it must be possible to recognise the browser even after the user has moved to a different page.

We require cookies for the following applications:
- Adopting language and view settings
- Remembering search terms
- Storing login details

The user data collected by technically necessary cookies is not used to create user profiles.
Our legitimate interest in the processing of personal data pursuant to Article 6(1)(f) GDPR also lies in these purposes.

    4. Storage period, opportunity to object and delete

Cookies are stored on the user’s computer and transmitted to our website from there. Therefore, as a user you have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by amending the settings on your internet browser. You can delete stored cookies at any time. This can also be done automatically. If cookies are deactivated for our website, users may not be able to use all of the website’s functions in full.

V. Contact form and email contact

    1. Description and scope of data processing

There is a contact form on our website that can be used to contact us electronically. If the user makes use of this option, the data entered on the input screen is transmitted to us and stored.
Users can also contact us using the email addresses provided. Users’ personal data transmitted with the email is also stored in such cases.
If another company in the group is responsible in this respect, the data will be passed on to third parties within the group. The data is used exclusively to process the conversation.

    2. Legal basis for data processing

The legal basis for processing the data transmitted in the course of sending an email is Article 6(1)(f) GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. If the query is forwarded within the joint-venture, the legal basis is Article 6(1)(f) GDPR.

    3. Purpose of data processing

The personal data from the input screen is processed solely to process the communication. If contact is made by email, this also constitutes the required legitimate interest in the processing of data.

    4. Storage period

Data is deleted once it is no longer required to achieve the purpose of its collection. For personal data transmitted by email, this is the case when the relevant conversation with the user has ended. The conversation has ended when it is evident from the circumstances that the relevant matter has definitively been dealt with. The personal data additionally collected in the transmission process is deleted after no more than seven days.

    5. Opportunity to object and delete

Users are free at all times to withdraw their consent to the processing of personal data. The conversation cannot be continued in such cases.
Users may withdraw their consent using the same email address or by letter in writing. All personal data stored in the course of communication is deleted in this case.

VI. Web analysis

by A1WebStats

We use website analytics software to help us to understand movements of visitors on our website.  This allows us to refine the effectiveness of our website so that it provides the best experience for our visitors.   Part of our website analytics software tracks the IP address of the visitor.  This does not identify the individual person on the website, but can sometimes identify the name of the organisation who has visited.  At no point are the personal details of visitors identified.

by Google Analytics

    1. Description of the processing of personal data

We use Google Analytics, a web analysis service provided by Google Inc. (‘Google’). Google uses cookies. The information generated by the cookie about users’ use of the website is usually transmitted to and stored on a Google server in the US.
We only use Google Analytics with activated IP anonymisation. This means that Google will abbreviate users’ IP addresses within Member States of the European Union and in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the entire IP address transmitted to a Google server in the US and abbreviated there. The IP address transmitted from the user’s browser is not combined with other data held by Google.
Further information on Google’s use of data for advertising purposes, settings options and opportunities to object can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners/ (‘How Google uses data when you use our partners’ sites or apps’), http://www.google.com/policies/technologies/ads (‘Data use for advertising purposes’), http://www.google.de/settings/ads (‘Control the information Google uses to show you ads’) and http://www.google.com/ads/preferences/ (‘Take control of your Google ads experience’).
Further information on the terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html.

    2. Legal basis for the processing of personal data


The legal basis for the use of Google Analytics is Section 15(3) of the German Telemedia Act (TMG) and Article 6(1)(f) GDPR.

    3. Purpose of data processing

Google uses this information on our instruction to analyse users’ use of our website, to compile reports on website activities, and to perform for us other services associated with website use and internet use. In this context, pseudonymous user profiles may be created for users using the processed data.

    4. Storage period

The data we transmit and the data linked to cookies, user IDs or advertising IDs is automatically deleted after 14 months. Once its retention period ends, data is deleted automatically once a month.

    5. Opportunity to object and delete

Users can prevent the storage of cookies using the corresponding setting on their browser software and can also prevent Google from collecting data generated by the cookie and relating to their use of the website and from processing this data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.


VII. Google Ads Remarketing

    1. Description and purpose of the processing of personal data

We use the remarketing function within the Google Ads service. With the remarketing function, we can present users of our website with advertisements based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, so-called "Google Ads" or on other websites). For this purpose, the interaction of users on our website is analysed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other sites even after they have visited our website. For this purpose, Google stores a code in a cookie on the systems of users who visit certain Google services or websites in the Google display network. This code is used to record the visits of these users. This code is used to uniquely identify a web browser on a specific end device and not to identify a person; personal data is not stored.

Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy.

    2. Legal basis for the processing of personal data

We process the data to protect legitimate interests in accordance with Art. 6 (1) lit. f DSGVO.

    3. Duration of storage

Remarketing cookies set via this website have a lifespan of up to one month.

    4. Objection and removal options

You can prevent participation in this tracking procedure in various ways:

(a) by installing the plug-in provided by Google at the following link: https://www.google.com/settings/ads/plugin;

b) by deactivating the interest-based ads of the providers that are part of the self-regulation campaign "About Ads" via the link http://www.aboutads.info/choices, whereby this setting will be deleted when you delete your cookies;

c) by permanently deactivating them in your Firefox, Internet Explorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin;

d) by means of appropriate cookie settings in your browser. Please note that in this case you may not be able to use all the functions of this website to their full extent.

VIII. Google Data Studio

    1.  Description of the processing of personal data

We visualise data on visitor behaviour on our website www.sihl-direct.de in the form of graphical reports. The data processed here originates from the web analysis service Google Analytics (see VIII) and Google Ads (see IX). Further information on the use of Google Data Studio can be found in Google's instructions.

    2. Legal basis for the processing of personal data

We process the data to protect legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO.

    3. Purpose of the data processing

We process the data to visualise visitor behaviour in the form of summary statistical graphics.

    4. Duration of storage

The data is retained by Google for 14 months. Perigon only stores reports, these do not contain any personal data.

    5. Objection and removal options

For technical reasons, the evaluation of your data can only be prevented by objecting to the use of Google Analytics in section VIII and Google Ads in section IX.


IX. Embedded Youtube Videos

    1. Description of the processing of personal data

YouTube components are integrated on this website. YouTube is an online video portal that allows video publishers to upload video clips free of charge and allows other users to watch, rate and comment on these free of charge. YouTube allows all types of videos to be published. Entire films and TV programmes, but also music videos, trailers and videos made by users themselves can therefore be accessed on the portal.

YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

Every time an individual page on this website that is operated by us and on which a YouTube component (YouTube video) has been integrated is accessed, the internet browser on the data subject’s IT system will automatically be prompted by the YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be accessed at https://www.youtube.com/yt/about/de/. In this technical process, YouTube and Google will be informed which specific subpage on our website was visited by the data subject.

If the data subject is logged in on YouTube at the same time, YouTube will recognise which specific subpage on our website was visited by the data subject when this subpage containing a YouTube video is accessed. This information is collected by YouTube and Google and assigned to the data subject’s YouTube account.

Via the YouTube component, YouTube and Google are always informed that the data subject visited our website if the data subject is logged in on YouTube at the time our website is accessed. This happens irrespective of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, they may prevent this transmission by logging out of their YouTube account before accessing our website.

The data protection guidelines published by YouTube – which can be accessed at https://www.google.de/intl/de/policies/privacy/ – provide information on the collection, processing and use of personal data by YouTube and Google.

    2. Legal basis of processing

YouTube is used in order to attractively present our online services. This is in our legitimate interest pursuant to Article 6(1)(f) GDPR.

    3. Purpose of processing

We use YouTube videos to show interested users various elements of our company, such as our produced products.

    4. Opportunity to object and delete

YouTube videos are accessed voluntarily. For technical reasons, users do not have an opportunity to object when using the service

X. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

    1. Right of access

You have the right to obtain confirmation from the controller as to whether we are processing personal data concerning you and, where that is the case, you have the right to obtain access from the controller to the following information:

(1)          the purposes of the processing;

(2)          the categories of personal data concerned;

(3)          the recipients or categories of recipient to whom the personal data concerning you has been or will be disclosed;

(4)          the envisaged period for which the personal data concerning you will be stored, or, if not possible, the criteria used to determine that period;

(5)          the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;

(6)          the existence of the right to lodge a complaint with a supervisory authority;

(7)          all available information regarding the source of the personal data where this is not collected from the data subject.

You have the right to obtain information on whether the personal data concerning you is transmitted to a third country or an international organisation. In this respect, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

    2. Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must rectify the data without delay.

    3. Right to restriction of processing


Under the following conditions you have the right to obtain restriction of processing of the personal data concerning you:

(1)          you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2)          the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3)          the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or

(4)          you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where processing of the personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing pursuant to the above conditions, you shall be informed by the controller before the restriction of processing is lifted.

    4. Right to erasure

        a.  Obligation to erase

You have the right to obtain from the controller the erasure of personal data concerning you without delay and the controller is obliged to erase this data without delay where one of the following grounds applies:

(1)          The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

(2)          You withdraw your consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.

(3)          You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.

(4)          The personal data concerning you has been unlawfully processed.

(5)          The personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(6)          The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

        b.  Disclosure of information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, the data subject, have requested the erasure of any links to, or copy or replication of, this personal data.

        c.  Exceptions

The right to erasure does not exist to the extent that processing is necessary

(1)          for exercising the right of freedom of expression and information;

(2)          for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3)          for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR;

(4)          for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5)          for the establishment, exercise or defence of legal claims.

    5. Right to be informed

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or the restriction of processing, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you so request.

    6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

(1)          the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b), and

(2)          the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

    8. Right to withdraw a declaration of consent

You have the right to withdraw your declaration of consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

    9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1)          is necessary for entering into, or performance of, a contract between you and the controller;

(2)          is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3)          is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

    10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.