Data Privacy Policy

 

Thank you very much for visiting our website or for contacting us in any other way. The protection of your personal data is very important to us. It is generally possible to use the website without providing any personal
data. However, if you wish to receive an online offer from our company, it may become necessary to process your personal data. If we need to process personal data in the absence of a legal basis for such processing,
we generally obtain the prior consent of the data subject. The processing of personal data, such as the name, address, email address or telephone number of a data subject, is always performed in accordance with the current Federal Data Protection Act (BDSG), the General Data Protection Regulation (GDPR) which came into effect on 25 May 2018, and the German Telemedia Act (TMG). It is our company’s intention with this Data Privacy Policy to inform you about the nature, scope and purpose of the personal data processed by us, and inform the data subjects about their rights. Our company has implemented numerous technical and organizational measures to ensure the fullest degree of protection of any personal data processed. Nevertheless, Internet-based data transmissions may generally have security gaps, which means that absolute protection cannot guaranteed.

Our company’s Data Privacy Policy is based on the General Data Protection Regulation (GDPR). We want our Data Privacy Policy to be easy to read and understand. To ensure this, please allow us to begin by explaining the most frequently used terms:

1. Personal Data

The term ‚Personal Data‘ means „any information relating to an identified
or identifiable natural person (hereinafter the „data subject“); a natural person who can be identified either directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological,
genetic, mental, economic, cultural or social identity of that natural person, shall be deemed as identifiable“ (Art. 4 (1) of the General Data Protection Regulation (GDPR)).

2. Data Subject

The term ‚Data Subject‘ means any identified or identifiable natural person whose
personal data are processed by the data controller.

3. Processing

The term ‚Processing‘ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Restriction on Processing

The term ‚Restriction on Processing‘ means the marking of saved
personal data with the aim of limiting their future processing.

5. Profiling

The term ‚Profiling‘ means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.

6. Pseudonymization

The term ‚Pseudonymization‘ means the processing of personal data where the personal data can no longer be attributed to a specific data subject without additional information. This additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7. Controller or Data Controller

The term ‚Controller‘ or ‚Data Controller‘ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

8. Processor

The term ‚Processor‘ means a natural or legal person, public authority, agency
or other body which processes personal data on behalf of the controller.

9. Recipient

The term ‚Recipient‘ means a natural or legal person, public authority, agency or other
body to whom personal data are disclosed, whether or not that person is a third party. However, any government authorities which may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States
shall not be considered as recipients.

10. Third Party

The term ‚Third Party‘ means a natural or legal person, public authority, agency or other
body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

11. Consent

The term ‚Consent‘ shall mean any voluntary, informed and unambiguous expression
by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.

The ‚Data Controller‘ responsible in accordance with the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other provisions of data privacy law is:

Lippert GmbH & Co. KG
Böttgerstrasse 46
92690 Pressath
Germany
Telephone: +49-9644-67-0
Email: lippert@lippert.de
Website : https://www.lippert.de

The data controller’s Data Protection Officer is:

Martin Bickel
Bickel Consult
Georg-Britting-Str. 7
93152 Nittendorf
Germany
Telephone: +49-9404-969638
Email: datenschutz@bcco.de

1. Scope of the processing of personal data
As a general rule, we collect and use our users‘ personal data only to the extent necessary for providing a functional website and for making available our contents and services. As a general rule, we collect and use our users‘ personal data only upon their prior consent. An exception may be made cases where a user’s prior consent cannot be obtained for factual reasons or where the processing of the data is permitted by statutory provisions.

2. Legal basis for the processing of personal data
In cases where we obtain the consent of the data subject for processing personal data, Art. 6(1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data which are necessary for the performance of a contract to which the data subject is a party, Art. 6(1) lit. b of the General Data Protection Regulation (GDPR) serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6(1) lit. c of the General Data Protection Regulation (GDPR) serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1) lit. d of the General Data Protection Regulation (GDPR) serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6(1) lit. f of the General Data Protection Regulation (GDPR) serves as the legal basis for processing.

3. Data erasure and storage duration
The personal data of the person concerned will be erased or blocked as soon as the purpose of storage no longer applies. Storage may also take place if the European or national legislator has provided for such storage in Union regulations, laws or other provisions to which the data controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless such storage is necessary for further storage of the data for the conclusion or performance of a contract.

1. Description and scope of data processing

Every time you access our website, our system will automatically collect data and information from the computer system of the accessing computer.
The following data will be collected during each access:

(1) Information about the browser type and the version used
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) The date and time of access
(6) Websites from which the user’s system accesses our website

These data are likewise stored in the log files of our system. These data are not stored together with the user’s other personal data.

2. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6(1) lit. f of the General Data Protection Regulation (GDPR).

3. Purposes of data processing
Temporary storage of the IP address by the system is necessary to enable content delivery of the website to the user’s computer. For this purpose, the user’s IP address needs to remain stored for the duration of the session.

The data are stored in log files to uphold the functionality of the website. The data are also used to optimize the website and to maintain the security of our information technology systems. We will not analyze any of the data obtained in this manner for marketing purposes.

These purposes also justify our legitimate interest in data processing according to Art. 6(1) lit. f of the General Data Protection Regulation (GDPR).

4. Duration of storage
The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. Any data collected for the provision of the website contents will be erased as soon as a particular session is terminated.

If the data are stored in log files, they will be erased after seven days at the latest. Storage beyond that timeframe may be possible. In that case, however, the users‘ IP addresses will be deleted or alienated to render any references to the calling client impossible.

5. Right to object and right to erasure
The collection of data for the provision of the website contents and the storage of data in log files is indispensable for the operation of the website. This means that the user has no effective right of objection

 

1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are saved in the Internet browser or by the Internet browser on the user’s computer system. Whenever a user visits a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require for the calling browser to be identified even after a website change.

2. Legal basis for data processing
The legal basis for the processing of personal data using cookies which are necessary for technical purposes is Art. 6(1) lit. f of the General Data Protection Regulation (GDPR).

3. Purposes of data processing
The purpose of using cookies which are necessary for technical purposes is to make the use of websites easier for the users. Some functions of our website cannot even be offered without the use of cookies. These functions make it necessary for the browser to be recognized even after a website change. We need cookies for the following applications:
(1) Consent to the use of cookies – ‚Cookie Consent‘
The user data collected by cookies necessary for technical purposes will not be used to create user profiles.
These purposes also justify our legitimate interest in the processing of personal data according to Art. 6(1) lit. f of the General Data Protection Regulation (GDPR).

4. Duration of storage, right to object and right to erasure
Cookies are stored on the user’s computer and transmitted from that computer to our site. This means that you as a user have full control over the use of cookies. You may deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored may be deleted at any time. This can even be done automatically. If any cookies for our website are deactivated, it may no longer be possible to use all functions of the website to the full extent.

1. Description and scope of data processing
On our website you will find a contact form you may want to use to make contact with us electronically. If you decide to use this option, the data entered in the input mask will be transmitted to and stored by us. These data typically include: Name, email address, telephone. We will obtain your consent for processing the data as part of the transmission process, and will advise you of this Data Privacy Policy. An alternative option would be to contact us via the email address provided. In that case, the user’s personal data transmitted with the email will be stored. None of the data collected for that purpose will be passed on to third parties. The data will be used exclusively for processing the conversation.

2. Legal basis for data processing
The legal basis for the processing of the data, and provided the user has given his or her consent, is Art. 6(1) lit. a of the General Data Protection Regulation (GDPR). The legal basis for the processing of data transmitted during the course of an email transmission is Art. 6(1) lit. f of the General Data Protection Regulation (GDPR). If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Art. 6(1) lit. b of the General Data Protection Regulation (GDPR).

3. Purposes of data processing
We process the personal data from the input mask solely for the purpose of processing your contact request. If you contact us by email, such establishment of contact also constitutes the legitimate interest required for the processing of the data. The other personal data processed during the transmission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage
The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. For the personal data from the contact form’s input mask or for any personal data sent by email, this will be the case as soon as the relevant conversation with the user has ended. The conversation will end when it can be inferred from the circumstances that the matter has been resolved to the parties‘ satisfaction.  The additional personal data collected during the transmission process will be deleted after a period of seven days at the latest.

5. Right to object and right to erasure
The user has the right to revoke his or her consent to the processing of personal data at any time. When contacting us by email, the user may object to the storage of his or her personal data at any time. In such a case, it will not be possible to continue the conversation. If you wish to revoke your prior consent to the processing of your data, please contact our data protection officer by telephone or in writing, using the contact details given above.
In that case, all personal data stored during the course of making contact will be erased. The basis for the processing of data transmitted during the course of an email transmission is Art. 6(1) lit. f of the General Data Protection Regulation (GDPR). If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Art. 6(1) lit. b of the General Data Protection Regulation (GDPR).

1. Description and scope of data processing
On our website we are offering you a subscription to a free newsletter. If you register for the newsletter, the data from the input mask will be transmitted to us.
Besides, the following data will be collected during registration:
(1) The calling computer’s IP address
(2) Date and time of registration

None of the data processed in connection with the sending of newsletters will be passed on to third parties. The data will be used solely for sending the newsletter.

2. Legal basis for data processing
The legal basis for the processing of the data after the user has registered for the newsletter, and provided the user has given his or her consent, is Art. 6(1) lit. a General Data Protection Regulation (GDPR).

3. Purposes of data processing
The user’s email address is collected for the purpose of delivering the newsletter.
The reason other personal data are collected as part of the registration process is to prevent misuse of the services or of the e-mail address used.

4. Duration of storage
The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. This means that the user’s e-mail address will be stored for as long as the user’s newsletter subscription is active.
The other personal data collected in the course of the registration process are usually deleted after a period of seven days.

5. Right to object and right to erasure
The data subject has the right to cancel the newsletter subscription at any time. You will find that every newsletter contains a link for that purpose.

1. Description and scope of data processing
This website uses Google Analytics, a web analysis service by Google Inc. (hereinafter: „Google“). Google also uses cookies via our website. Google Analytics also uses cookies which are stored on your computer and permit an analysis of your use of the website. The information generated by the cookie about your use of the website (including your IP address) is transmitted to and stored on one of Google’s servers in the United States. On this website, Google Analytics was extended by the „grt._anonymizeIP();“ code to ensure the anonymous collection of IP addresses.
However, if IP anonymization was activated on this website, the IP address will first be truncated by Google within the member states of the European Union or the other contracting states of the Treaty on the European Economic Area (EEA).
Only in exceptional cases will the complete IP address be transmitted to a Google server in the United States and truncated there.
Google will use this information to evaluate your use of the website, to produce reports on website activities for the website operators, and to provide other services related to the use of the website and the Internet. Google may also transfer this information to third parties where required to do so by law, or where such third parties process these data on Google’s behalf. Google will never associate your IP address with any other data held by Google. Google will not associate the IP address transmitted by your internet browser within the scope of Google Analytics with any other data held by Google.

2. Legal basis
The legal basis for the use of Google Analytics website analytics services is Art. 6(1) lit. f of the General Data Protection Regulation (GDPR). The use of cookies by Google is permitted according to Art. 6 (1) lit. f of the General Data Protection Regulation (GDPR).

3. Purpose of processing
The purpose of using Google’s web analytics services and cookies is to increase our website’s efficiency by improving user behavior analytics, with a view to paying the fullest regard to our users‘ interests and needs. This purpose also justifies our legitimate interest in data processing according to Art. 6 lit. f of the General Data Protection Regulation (GDPR).

4. Duration of storage, right to object and right to erasure
You may refuse the installation of cookies by selecting the appropriate settings on your browser software; however, please note that if you do this you may not be able to use the full functionality of this web page. You may also avoid the use of Google Analytics, i.e., Google’s collection of data generated by the cookie and relating to your use of the website (including your IP address) and the processing of these data by Google, by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en ).

1. Description and scope of data processing
On this website, we use plug-ins by the company YouTube based in LLC 901 Cherry Ave. 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. The plug-in used for this purpose is merely a picture containing a simple HTML link to the corresponding video on YouTube. By clicking on the corresponding picture, you will be redirected to YouTube. The button will not establish direct contact between YouTube and our visitors until the visitor becomes active on YouTube. Only from that point will your data be transmitted to YouTube. If, on the other hand, the button is not clicked, there will be no exchange between the user and YouTube.
Please be expressly advised that we, as the operator of this website, have no knowledge of the extent to which YouTube is using these data. YouTube is providing its own information in this regard. This information can be found in Google’s official data privacy statement, which is available for download at: https://policies.google.com/privacy?hl=de&gl=de
On our website we are offering you a subscription to a free newsletter. If you register for the newsletter, the data from the input mask will be transmitted to us.

2. Legal basis for data processing
The legal basis for the use of YouTube plug-ins is Art. 6(1) lit. a of the General Data Protection Regulation (GDPR).

3. Purposes of data processing
The purpose of using the YouTube plug-in is to increase the efficiency of our website and improve its user friendliness.

4. Duration of storage, right to object and right to erasure
If you wish to prevent YouTube from associating your visit to our website with your YouTube profile, you may do so by logging out under your YouTube profile after having read these instructions.

1. Facebook button
a) Description and scope of data processing
This website uses so-called plugging by Facebook, a social network based on 1601 South California Avenue, Palo Alto, CA 94304, U.S.A. All Facebook plugging used on this website can be recognized by the Facebook logos or the „Like“ button. You can find a list of the plugging provided by Facebook, and possibly used on this website, on the social network’s official information site:

http://developers.facebook.com/docs/plugins/

Facebook uses these plugging to collect information about the website visited and about the services offered on that website. Examples of the information collected may include, without being limited to, operating systems, hardware versions, device settings, file and software names and types, battery and signal strength, and device IDs, device locations including specific geographic locations, e.g. via GPS, Bluetooth, or WLAN signals, connection information such as the name of the mobile phone or Internet service provider, browser type, language and time zone, mobile number, and IP address.
Facebook may associate information collected from various different devices.

We use the „Shariff“ procedure when using social media plug-ins.

The plug-in used for this purpose is merely a picture containing a simple HTML link to the Facebook social network. By clicking on the corresponding picture, you will be redirected to the services of the respective network. The button will not establish direct contact between the social network and our visitors unless the visitor actively clicks on the Share button. Only from that point will your data be transmitted to the respective social network. If the button is not clicked, there will be no exchange whatsoever between yourself and the social network.
Please be expressly advised that we, as the operator of this website, have no knowledge of the extent to which Facebook uses these data. Facebook is providing its own information in this regard. This information can be found in Facebook’s official data privacy statement, which is available for download at
http://de-de.facebook.com/policy.php

b) Legal basis for data processing
The legal basis for the use of the Facebook plugging under the Shariff system, after the visitor’s prior consent, is Art. 6(1) lit. a General Data Protection Regulation (GDPR).

c) Purposes of data processing
The purpose of using the Facebook plug-in is to increase the efficiency of our website and improve its user friendliness.

d) Duration of storage, right to object and right to erasure
If you wish to prevent Facebook from associating your visit to our website with your Facebook user account, you may do so by logging out under your Facebook user account after having read these instructions.

If personal data concerning you are being processed, you are considered a data subject as defined by the General Data Protection Regulation (GDPR), and you are entitled to the following rights against the data controller:

1. Right to information
You have the right to obtain confirmation from the data controller as to whether or not personal data concerning you are being processed by us.
If such processing is taking place, you have the right to request the following information from the data controller:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of storage of the personal data concerning you, or, where no specific information is available in this regard, the criteria for determining the duration of storage;
(5) the existence of a right to have the personal data concerning you rectified or deleted or to have the data controller restrict or object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) of the General Data Protection Regulation (GDPR) and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate guarantees provided for in Art. 46 of the General Data Protection Regulation (GDPR) in connection with the transfer.

2. The right to rectification
You have the right to have your personal data rectified and/or completed by the data controller if the processed personal data concerning you are inaccurate or incomplete. The data controller has an obligation to perform such rectification immediately.

3. The right to restrict processing
Under the following conditions, you may request that the processing of your personal data be restricted:
(1) if you contest the accuracy of the personal data concerning you for a period of time allowing the data controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and if you refuse the erasure of the personal data and instead request a restriction on the use of the personal data;
(3) if the data controller no longer needs the personal data for the purposes of processing, but if the data subject needs them for the purpose of asserting, exercising or defending legal claims, or
(4) if you have lodged an objection against the processing pursuant to Art. 21 (1) of the General Data Protection Regulation (GDPR) and if it has not yet been determined whether the data controller’s justified reasons outweigh your reasons. Where the processing of the personal data concerning you has been restricted in accordance with the above conditions, such personal data shall only be processed – apart from being stored – with the consent of the data subject or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

4. The right to erasure
a) Duty of erasure
You may request the data controller to immediately erase the personal data concerning you, and the data controller will be obliged to erase these data immediately if one of the following grounds applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing pursuant to Art. 6(1) lit. a or Art. 9(2) lit. a of the General Data Protection Regulation (GDPR) was based, and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 (1) of the General Data Protection Regulation (GDPR) and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) of the General Data Protection Regulation (GDPR).
(4) The personal data concerning you have been processed unlawfully.
(5) The erasure of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the data controller is subject.
(6) The personal data concerning you have been collected in relation to the provision of information society services pursuant to Art. 81 of the General Data Protection Regulation (GDPR).
b) Disclosure of information to third parties
If the data controller has made the personal data concerning you publicly available and if he/she is obliged to erase them in accordance with Art. Art. 17(1) of the General Data Protection Regulation (GDPR), he/she shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data processors who process the personal data that a data subject has requested them to erasure all links to such personal data or copies or replications of such personal data.
c) Exemptions
The right to erasure does not exist in cases where the processing is necessary
(1) to exercise the right of freedom of expression and information;
(2) for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9(2) lit. h and i and Art. 9(3) of the General Data Protection Regulation (GDPR);
(4) for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) of the General Data Protection Regulation (GDPR), to the extent that the law referred to in paragraph (a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or for the assertion, exercise or defense of legal claims.
(5) for asserting, exercising or defending legal claims.

5. Right to information
If you have exercised your right to rectify, erase or restrict the processing of your personal data against the data controller, the latter shall be obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, cancellation or limitation, unless this proves impossible or involves a disproportionate effort.
They shall have the right to be informed of such recipients by the data controller.

6. The right to data portability
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to communicate these data to another data controller without being hindered by the controller to whom the personal data were provided, provided that
(1) the processing is based on a consent in accordance with Art. 6(1) lit. a General Data Protection Regulation (GDPR) or Art. 9(2) lit. a General Data Protection Regulation (GDPR) or on a contract in accordance with Art. 6(1) lit. b of the General Data Protection Regulation (GDPR) and
(2) the processing is carried out using automated methods.
In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly by one data controller to another controller, insofar as this is technically feasible. The exercise of this right must not affect the freedoms and rights of other persons.

7. The right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on paragraph (e) or (f) of Art. 6(1) lit. e or f of the General Data Protection Regulation (GDPR); this also applies to profiling based on these provisions. The data controller no longer processes the personal data unless he/she can prove compelling justifiable grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or if the processing serves for the assertion, exercise or defense of legal claims. If the personal data concerning you are processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct advertising. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. In connection with the use of Information Society services, notwithstanding Directive 2002/58/EC, you may exercise your right of opposition by means of automated procedures using technical specifications.

8. The right to revocation of the declaration of consent under data privacy law
You have the right to revoke your declaration of consent under data privacy law at any time. Your revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until the date of revocation.

9. Automated decision in individual cases including profiling
You have the right not to be subjected to any decisions based solely on automated processing, including profiling, which may have any legal effects on you or affect you in a similar, significant way.
This shall not apply where the decision
(1) is necessary for the conclusion or performance of a contract between yourself and the data controller,
(2) is admissible by law of the Union or of the Member States to which the data controller is subject and that law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject; or
(3) is made with your express consent.
However, these decisions shall not be based on special categories of personal data according to Art. 9 (1) of the General Data Protection Regulation (GDPR), unless Art. 9(2) lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms
as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the data controller shall take appropriate
measures to safeguard the rights and freedoms and your legitimate interests,
which includes at least the right to obtain the intervention of a person on behalf of the
data controller, to state his or her point of view, and to contest the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy provided for in Art. 78 of the General Data Protection Regulation (GDPR).