Privacy policy according to the GDPR

Name and address of the responsible party:
The party responsible in the sense of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:

Nuclear Blast GmbH
Oeschstr. 40
73072 Donzdorf
Deutschland
Tel.: + 49(0)7162-9280-26
info@nuclearblast.de
Website: www.nuclearblast.de

Name and address of the data protection officer
The data protection officer for the responsible party is:

Thomas Steiner
steiner-projects
E-Mail: thomas.steiner@steiner-projects.de

1. General information about data processing

Extent of processing of personal data
In general, we collect and use personal data of our users only to the extent that is necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users takes place only upon the consent of the user. An exception applies to cases in which prior consent can not be obtained for real reasons and the processing of the data is permitted by law.

Legal basis for the processing of personal data
Insofar as we obtain consent of the person in question for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as legal basis.
For the processing of personal data necessary for the execution of a contract to which the contracting party ist the person in question, Art. 6 para. 1 lit. b GDPR serves as legal basis. This also applies to processing of measures required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 para. 1 lit. c GDPR serves as legal basis.
In the event that vital interests of the person in question or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the person in question do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR serves as legal basis for processing.

Data deletion and storage duration
The personal data of the person in question will be deleted or blocked as soon as the purpose of the storage is void. In addition, such storage may ensue due to European or national legislatoion in EU regulations, laws or other regulations to which the responsible party is subject to. Blocking or deletion of the data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for execution or fulfillment of a contract.
To top

2. Provision of the website and creation of log files

Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting device.
The following data is collected here:

(1) Information about the browser type and version used
(2) The operating system of the user
(3) The internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the system of the user is forwarded to our website
(7) Websites accessed by the user’s system through our website

The data is also stored in the log files of our system. A storage of this data along with other personal data of the user does not take place.

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. Therefore, the user’s IP address must be stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website’s functionality and to ensure the security of our information technology systems. A utilization of the data for marketing purposes does not take place in this context.

Herein lies our legitimate interest in the data processing according to Art. 6 para. 1 lit. f GDPR.

Duration of storage
The data will be deleted as soon as its collection is no longer necessary to achieve the purpose. In the case of collecting the data for providing of the website, this applies when the respective session is completed.

In the case of storing the data in log files, this applies after no more than twenty-eight days.

Option of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no option of objection on the part of the user.

To top

3. Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser, respectively the internet browser on the user’s device’s system. When a user visits a website, a cookie may be stored in the user’s operating system. This cookie contains a characteristic data string that allows the browser to be uniquely identified when the website is reopened.
We use cookies to make our website more user friendly. Some elements of our website require that the requesting browser be identified even after a page switch.

The following data is stored and transmitted in the cookies:
(1) Language Settings
(2) Items in a shopping cart
(3) log-in information

In addition, we use cookies on our website that allow an analysis of users’ browsing behavior.

By these means, the following data can be transmitted:
(1) Entered search terms
(2) Frequency of page views
(3) Use of Website Features

The data of the users collected in this way are pseudonymized by technical precautions. Therefore, an association of the data with the requesting user is no longer possible. The data will not be stored along with other personal data of the users.

When you visit our website, users are informed by an info banner about the use of cookies for analysis purposes and are referred to this privacy statement. In this context, there is also advice of how the storage of cookies in the browser settings can be prevented.

Legal basis for data processing
The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f GDPR.

Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website can not be offered without the use of cookies. For these features, it is necessary that the browser is recognized even after a page switch.

We require cookies for the following applications:
(1) Shopping basket
(2) Adoption of language settings
(3) Memorizing of search terms
(4) Accessed article pages

The user data collected through technically necessary cookies will not be used to create user profiles.

The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. We learn by analiyzing the cookies how the website is used which enables us to constantly optimize our offerings.
The exact purpose of the analysis cookies can be requested here: info@nuclearblast.de

Herein lies our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.

Duration of storage, objection and removal options
Cookies are stored on the device of the user, which transmits them to our website. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to utilize all functionality of the website to the fullest.
To top

4. Newsletter

Description and scope of data processing
Our website gives you the option to subscribe to a free newsletter. When you sign up for the newsletter, the data from the input template (which is your e-mail address only) will be sent to us.

In addition, the following data is collected upon registration:

(1) IP address of the requesting device
(2) Date and time of registration
(3) All data from the order history and the customer’s profile

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy.

In connection with the processing of data for the purpose of distributing newsletters, no data is discclosed to third parties. The data will be used exclusively for distribution of the newsletter and for internal statistical purposes.

Legal basis for data processing
The legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 para. 1 lit. a GDPR, if the user has given consent.

Purpose of data processing
The collection of the user’s e-mail address serves to deliver the newsletter.

The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the email address used.

Duration of storage
The data will be deleted as soon as it is no longer needed for the purpose of its collection. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active.
Any other personal data collected during the registration process will generally be deleted after a period of seven days.

Option of objection and removal
Subscription to the newsletter may be terminated at any time by the user in question. For this purpose, there is a corresponding link provided in each newsletter.

This also allows a revocation of the consent to the storage of the personal data collected during the registration process.

Newsletter tracking
Our newsletters contain so-called web beacons. A web beacon is a miniature graphic that is embedded in such e-mails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded pixel/beacon, the company can detect if and when an e-mail was opened by you and which links in the e-mail were opened by you.

Such personal data collected via the web beacons contained in the newsletters are stored and evaluated by us in order to optimize the newsletter distribution and to better adapt the content of future newsletters to your interests. This personal data will not be disclosed to third parties. Affected persons are at any time entitled to revoke the separate declaration of consent made via the double-opt-in process. Upon on opt-out request from this, personal data will be deleted by us. An opt-out request from the newsletter we will automatically interpret as a revocation.

Such an evaluation is carried out in accordance with Art. 6 para. 1 lit.f GDPR on the basis of our legitimate interests in the display of personalized advertising, market research and / or customized design of our website.
To top

5. Web shop on the website

Purpose of data processing

Description and scope of data processing
Our website gives users the opportunity to register at the web shop of our company and to order goods. The data from the input template are transmitted to us when registering for the Web shop.

Mandatory fields: Title, first name, last name, street / house number, zip code / city, country, e-mail address, password.
Optional fields: home phone number, mobile phone number, date of birth

In addition, the following data is collected upon registration:
(1) IP address of the requesting device
(2) Date and time of registration

For the processing of data, your consent is obtained during the registration process and reference is made to this privacy policy.

The personal data collected in the context of the web shop are used exclusively for the processing and handling of the ordered goods. There is no transfer to third parties of the personal data collected in the context of the web shop.

Legal basis for data processing
The legal basis for the processing of the data is the execution of a contract or pre-contractual measures for the fulfillment of the contract of the ordered goods according to Art. 6 para. 1 lit. b GDPR.

Purpose of data processing
The collection of personal data of the user is used to process the goods or service order and deliver it to the user.

The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the e-mail address used.

Duration of storage
The data will be deleted as soon as it is no longer needed for the fulfillment of the purpose of its collection. After completing the purpose, other legal regulations (eg AO, etc.) may apply, which may require a longer storage duration of the data.

Otherwise personal data collected during the registration process will generally be deleted after a period of twenty-eight days.

Option of objection and removal
The user can have their web shop account deleted by the provider. Longer storage periods mandated by other legal regulation (eg AO, etc.) remain unaffected.
To top

6. Initiating contact / contact form

When contacting us (for example via contact form or e-mail), personal data is collected. Which data are collected in the case of a contact form, can be seen on the respective contact form. These data are stored and used exclusively for the purpose of responding to your request or for establishing contact with you and the technical administration required for the contact. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at the conclusion of a contract, then additional legal basis for the processing will be Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request, this is the case if it can be inferred from the circumstances that the matter in question was fully clarified and therefore no conflicting legal storage requirements are present.
To top

7. Facebook plugin

We have integrated components of the company Facebook on this internet website. Facebook is a social network.

A social network is an Internet-based social meeting place, an online community that typically allows users to communicate with each other and interact in virtual space. A social network can serve as a platform to exchange views and experiences, or allows the internet community to provide personal or business information. Facebook allows social network users to create private profiles, upload photos and socialize via friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Parties responsible for the processing of personal data, if an affected person lives outside the US or Canada, are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

We use a 2-click solution (an actual click on the button will activate the Facebook component on the current page). Each time you visit one of the individual pages of this website, which is operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on your IT system is automatically prompted by the respective Facebook component, to download the corresponding Facebook component from the Facebook website, as soon as you have activated the respective button once with one click. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_US. As part of this technical process, Facebook receives information about which specific sub page of our website is visited by you.

If you are also logged in to Facebook, Facebook recognizes with each visit to our website and during the entire duration of each stay on our website, which specific sub page of our website you visit, as soon as you have activated the respective button. This information is collected through the Facebook component and assigned by Facebook to the respective Facebook account. If you press one of the integrated Facebook buttons on our website, for example the “Like” button, or if you leave a comment, Facebook assigns this information to your personal Facebook user account and saves this personal data.

Facebook always receives information via the Facebook component that you have visited our website, if you are simultaneously logged in to Facebook at the time of accessing our website and if you have activated the respective button with one click; This takes place regardless of whether you clicked on the Facebook component or not. If such a transmission of this information to Facebook is not wanted, you can prevent the transmission by logging out of your Facebook account before requesting our website and / or not activating the button with one click.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. It also explains which settings options Facebook offers to protect privacy. In addition, different applications are available, which make it possible to suppress data transmission to Facebook. Such applications can be used by you to suppress data transmission to Facebook.
To top

8. Twitter plugin

We have integrated components of Twitter on this website. Twitter is a multilingual publicly available microblogging service where users can post and distribute so-called tweets, which are limited to 140 characters. Tweets are short messages that are available to anyone, including non-Twitter subscribers. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user's tweets. Twitter also allows you to address a broad audience via hashtags, links or re-tweets.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

We use a 2-click solution (an actual click on the button will activate the Facebook component on the current page). Each time you visit one of the individual pages of this website, which is operated by us and on which a Twitter component (Twitter button) has been integrated, the Internet browser on your IT system is automatically prompted by the respective Twitter component, to download the corresponding Twitter component from the Twitter website, as soon as you have activated the respective button with one click. Further information on the Twitter buttons is available at https://about.twitter.com/en/resources/buttons. As part of this technical process, Twitter receives information about which specific subpage of our website you are visiting. The purpose of the integration of the Twitter component is to allow our users to redistribute the contents of this website, to promote this website in the digital world and to increase our visitor numbers.

If you are simultaneously logged in to Twitter, Twitter recognizes with each visit to our website and during the entire duration of each stay on our website, which specific sub page of our website you visit as soon as you have activated the respective button. This information is collected through the Twitter component and associated with Twitter through your Twitter account. If you press one of the Twitter buttons integrated on our website, the data and information transmitted with it will be assigned to your personal Twitter user account and stored and processed by Twitter.

Twitter always receives information via the Twitter component that you are visiting our website, if you are simultaneously logged in to Twitter at the time of accessing our website and if you have activated the respective button with one click; this takes place regardless of whether you click on the Twitter component or not. If you do not want to transmit this information to Twitter, you can prevent the transmission by logging out of your Twitter account and / or not activating the button with one click before visiting our website.

The applicable privacy policies of Twitter are available at https://twitter.com/privacy?lang=en
To top

9. Google Analytics

Our websites use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/intl/en/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereinafter „Google“). ). In this context, pseudonymised usage profiles are created and cookies (see point 4) are used. The information generated by the cookie about your use of this website such as

Browser type / version,
Used operating system,
Referrer URL (the previously visited page),
Host name of the accessing computer (IP address),
Time of server request,

are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and customized website design. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of the provider. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible (IP masking).

You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of this website may be fully exploited.
The use of Google Analytics takes place in the interest of optimization and design of our website based on customer demand. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https: //tools.google.com/dlpage/gaoptout).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on the following link: Deactivate Google Analytics (Google Analytics deaktivieren). An opt-out cookie will be placed which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in your browser, you must set the opt-out cookie again.

For more information about privacy policies related to Google Analytics, please refer to the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245).
To top

10. Facebook Pixel (Custom Audience)

This website uses the "Facebook-Pixel" of Facebook inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). This can track the behavior of users after they have seen or clicked a Facebook ad. This process is designed to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and may help to optimize future advertising efforts.

The data collected is anonymous to us, so it doesn’t provide us with any information about the identity of the users. However, the data is saved and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data usage directive (https://www.facebook.com/about/privacy/).

Based in the US, Facebook Inc. is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

In order to deactivate the use of cookies, you can set your Internet browser in such a way that in the future cookies won’t be saved on your IT system and existing cookies can be deleted too. However, switching off all cookies may mean that some functions on our website can no longer be executed. You may disable the use of cookies through third parties, such as Facebook, on the Digital Advertising Alliance website: https://www.aboutads.info/choices/

Alternatively, you can disable the remarketing feature "Custom Audiences" at https://www.facebook.com/settings/?tab=ads#_=_. For this you must be logged in to Facebook.

To top

11. VE Cookie

We use the services of VE Interactive DACH GmbH (Französische Strasse 47, 10117 Berlin, hereinafter referred to as "VE"). In providing our services, VE collects personally identifiable information from end users who visit our websites. For this, VE uses cookies and other similar technologies. More information about the technologies used by VE is available in Ve's Cookie Policy. A list of all purposes for which VE collects personally identifiable information can be found in Ve's privacy policy. In general, through the use of cookies, Ve collects personal information from end users, especially contact information and behavioral data. Ve uses this personal information to draw conclusions about the end user's personal preferences and to personalize the end user's web experience, for example by displaying personalized offers and / or advertisements when customers visit our websites or websites of third parties. Ve and we are jointly responsible for the collection of personal data according to Art. 26 GDPR. Details can be found in Ve's privacy policy.

End users can prevent the processing of their personal data by Ve by various means. The available options for preventing data processing are contained in Ve's privacy policy, including the use of the opt-out button at https://www.ve.com/de/datenschutzerklaerung#opting-out or the use of the opt-out Mechanism of IAB Europe at http://www.youronlinechoices.com/opt-out-interface.

To top

12. Rights of the person concerned

If your personal data is being processed, you are an affected party in the sense of GDPR and you have the following rights towards the responsible party:

Right to information
You may ask the responsible party to confirm if personal data concerning you is processed by us.
If such processing is the case, you can request information from the responsible party about the following subjects:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or the categories of recipients to whom personal data concerning you have been disclosed or are still being disclosed;
(4) the planned duration of storage of your personal data or, if specific information is not available, criteria for determining of the duration of storage;
(5) the existence of a right to correction or deletion of personal data concerning you, a right to restriction of processing by the responsible party or a right to object to such processing;
(6) the existence of a right of complaint to a supervisory authority;
(7) all available information regarding the source of any data if the personal data is not collected from the person in question;
(8) the existence of automated decision-making including profiling according to Article 22 (1) and (4) GDPR and, at least in these cases, obtain meaningful information about the logic involved, and the scope and intended impact of such processing of data of the person in question

You have the right to request information about whether your personal information is transmitted to a third party country or an international organization. In this context, you can ask for the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transmission.

Right to rectification
You have the right to rectification and / or completion to the responsible party, if the your processed personal data is incorrect or incomplete. The responsible person must make the correction without delay.

Right to restriction of processing

You can demand the restriction of processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) the responsible party no longer requires personal data for the purposes of processing, but you need them for the purposes of asserting, exercising or defending of legal claims; or
(4) if you objected to the data processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the responsible party outweigh your reasons.
If the processing of personal data concerning you has been limited, such data may be stored only with your consent or for the purpose of asserting, exercising or defending of legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or one of their Member States.
If data processing according to the above named conditions was limited, you will be informed by the responsible party prior to the restriction being lifted.

Right to deletion
Deletion obligation

You may request that the responsbile party delete your personal information without delay, and the responsbile party is required to delete that information immediately, if one of the following is true:
(1) The personal data concerning you are no longer needed for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent to data processing according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR and there is no other legal basis for data processing.
(3) You object to data processing according to Art. 21 para. 1 GDPR and there are no prior justifiable reasons for the processing, or you object according to Art. 21 para. 2 GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of personal data concerning you is required to fulfill a legal obligation under European Union law or the law of the members states to which the responsible party is subject.
6) The personal data concerning you were collected in relation to information society services pursuant to Art. 8 (1) GDPR.

Information to third parties
If the responsible party has made your personal data public and is required to delete them in accordance with Article 17 (1) of the GDPR, they shall take appropriate measures, including technical means, to inform all parties who process personal data that you, being the affected party, have requested the deletion of all links to such personal data or copies or replications of such personal data.

Exceptions
The right to deletion does not exist if the processing is necessary
(1) to exercise the right to freedom of speech and information;
(2) to fulfill a legal obligation that requires data processing under the laws of the European Union or their Member States that the responsible party is subject to, or for the performance of a task of public interest or in the exercise of official authority that the responsible party obliges to;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.

Right to notification
If you have exercised your right to correction, deletion or limitation of data processing towards the responsible party, the latter is obliged to notify all recipients of your personal data of this correction, deletion or limitation of data processing, except when: this proves to be impossible or involves a disproportionate effort.
You have a right to be informed about the recipients of these notifications by the responsible party.

Right to data portability
You have the right to receive your personal data provided to the responsible party in a structured, current and machine readable format. You also have the right to transfer this data to another person without hindrance by the responsible party who was provided with the personal data, under the condition that
(1) the data processing is based on consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract according to Art. 6 para. 1 lit. b GDPR and
(2) the processing is done by automated means.

In exercising this right, you also have the right that your personal data be transmitted directly from one responsible party to another responsible party, as far as this is technically feasible. Any rights of other persons may not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the responsible party.

Right to object
You have the right to object to the processing of personal data on the basis of Art. 6 para. 1 lit. e or f GDPR at any time, for reasons that arise from your particular situation; this also applies to profiling based on these provisions.

The responsible party will no longer process your personal data unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
If your personal data is processed in order to conduct direct marketing, you have the right to object at any time to the processing of personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of Information Society Services, of exercising your right to object by means of automated processes that use technical specifications.

Right to revoke consent to the privacy policy

You have the right to revoke your consent to the privacy statement at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Automated decision on an individual basis including profiling
You have the right not to be subjected to any decision based solely on automated processing - including profiling - that will affect you legally or similarly adversely affect you. This does not apply if the decision
(1) is necessary for the closing or execution of a contract between you and the responsible party,
(2) is permitted by the European Union or their Member States’ legislations to which the responsible party is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) with your expressed consent.
However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases mentioned in (1) and (3), the responsible party shall take appropriate measures to uphold the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by the responsible party, to express his / her own position and appeal of the decision.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of its place of residence, employment or the place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
To top