Privacy Statement – Indra Avitech GmbH respects your privacy

Information obligations pursuant to Art. 12, 13 ff. EU GDPR

Indra Avitech GmbH respects your privacy and is committed to protecting the security of your personal information. This Privacy Statement informs you of our Privacy Policy and practices, and of the choices you can make about the way your information is collected online and how that information is used. We have structured our websites so that, in general, you can visit Avitech on the Web without identifying yourself or revealing any personal information. This notice is made readily available by us on our home page and at the bottom of every Indra Avitech web page.

1. Name and address of the controller

Your contact partner as the controller within the meaning of the European General Data Protection Regulation (“EU GDPR”) and other national data protection laws of the member states and other data protection regulations is:

Indra Avitech GmbH
Bahnhofplatz 3
88045 Friedrichshafen

Commercial Register: Ulm Local Court HRB 728293
VAT id. no.: DE 223719716
Managing Director: Jon Joseba Goyarzu Caño
(hereinafter referred to as “we” or “us”)

2. Name and address of the Data Protection Officer

Indra Avitech GmbH attaches great importance to the protection of your personal data. In order to reflect this importance, we have raised the awareness of this issue among our employees and appointed an employee as our Data Protection Officer. Our Data Protection Officer has the expertise and competence to carry out this function.

Please contact our Data Protection officer directly regarding any data protection and data security issues at Indra Avitech GmbH:
E-mail: dataprotection[at]indra-avitech.aero
Phone: +49 (0) 7541 282- 0 (Central phone number)

3. General information about data processing

a. Scope of processing of personal data

We only process your personal data insofar as this is necessary for the performance of our services. Your personal data will be processed regularly only on the basis of your consent. An exception is made in those cases in which it is not possible to obtain prior consent for practical reasons or the processing of your personal data is permitted by law.

b. Legal basis for the processing of personal data

If we obtain consent from you for the processing of personal data, Art. 6 Para. 1 Letter a EU GDPR will act as our legal basis.

When we process personal data which is necessary for the performance of a contract between you and us, Art. 6 Para. 1 Letter b EU GDPR will act as our legal basis. This also applies for processing operations which are necessary in order to take steps prior to entering into a contract.

If the processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 Para. 1 Letter c EU GDPR will act as our legal basis.

If the processing of personal data is necessary in order to protect the vital interests of yourself or of another natural person, Art. 6 Para. 1 Letter d EU GDPR will act as our legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party and your interests, fundamental rights and freedoms do not override the first-mentioned interest, Art. 6 Para. 1 Letter f EU GDPR will act as the legal basis for the processing.

c. Deletion of data and storage period

Your personal data will be deleted or blocked as soon as the purpose for its storage no longer exists. It can also be stored if this is provided for by the European or national legislators in EU regulations, laws or other regulations to which we are subject. The data will also be blocked or deleted if a retention period prescribed by the aforementioned standards expires, unless the continued storage of the data is necessary for the conclusion or performance of a contract.

4. Data processing on our website

a. Provision of website and creation of logs

This website uses Matomo, and open source, self-hosted software, in order to collect anonymous usage data for this website.

The data on the behaviour of visitors is collected in order to detect any problems such as pages not found, search engine problems or unpopular pages. As soon as the data (number of visitors who view the error pages or view only one page, etc.) is processed, Matomo generates reports for the website operators so that they can react to these. (Layout changes, new content, etc.)

Matomo processes the following data:

  • Cookies
  • Anonymised IP addresses with the last 2 bytes removed (i.e. 198.51.0.0 instead of 198.51.100.54)
  • Pseudoanonymised location (based on the anonymised IP address)
  • Date and time
  • Title of the page being viewed
  • URL of the page being viewed
  • URL of the previous page (if the page allows this)
  • Screen resolution
  • Local time
  • Files that were clicked and downloaded
  • External links
  • Page generation time
  • Country, region, city (with low accuracy based on IP address)
  • Main language of the browser
  • User agent of the browser
  • Interactions with forms (but not their content)
  • Server logs

The processing of personal data is based on the principle of legitimate interests

Processing data helps us to identify what is working and what is not on our website. For example, it helps us to identify if the content is well received or if we can improve the structure of the website. Our team benefits from and can react to this. By allowing the processing of data, you will therefore benefit from a website which will get better and better.

Without this data, we would not be able to provide you the service. Your data will be used exclusively to improve the use of the website.

i. Legal basis for the data processing

The legal basis for the processing of your personal data relating to the provision of the website and the creation of log files is provided by Art. 6 Para. 1 Letter f EU GDPR.

ii. Purpose of the data processing

The temporary storage of your personal data by us is necessary in order for the website to be delivered to your computer. For this purpose, your personal data has to be stored for the duration of the session.

Your personal data is stored in log files in order to ensure the functionality of the website. We also use your personal data to optimise the website and ensure the security of our IT systems. Your personal data is not analysed in this connection for marketing purposes.

In these purposes also lies our legitimate interest in data processing pursuant to Art. 6 Para. 1 Letter f EU GDPR.

iii. Length of time your personal data is stored

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If your personal data is collected for the provision of the website, this is the case as soon as the respective session has ended.

If your personal data is stored in log files, these will be deleted after seven days at the latest. The data may be stored for a longer period. In this case your personal data will be deleted or distorted so that it can no longer be assigned to the client viewing the website.

iv. Opt out and deletion

The collection of your personal data for the provision of the website and the storage of your personal data in log files are essential for the operation of the website. As a consequence you cannot opt out.

b. Use of cookies

i. Legal basis for the data processing

The legal basis for the processing of your personal data relating to the use of the technically necessary cookies is provided by Art. 6 Para. 1 Letter f EU GDPR.

ii. Purpose of the data processing

Technically necessary cookies are used to simplify use of our website for you. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that your internet browser is recognised after a change of page. The user data collected by technically necessary cookies is not used to create user profiles.

In this purpose also lies our legitimate interest in the processing of your personal data pursuant to Art. 6 Para. 1 Letter f EU GDPR.

iii. Length of time your personal data is stored

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected; this is in particular the case when the cookies are deactivated.

iv. Opt out and deletion

Cookies are stored on your computer and transmitted by your computer to our website. You therefore also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. You can delete cookies that have already been stored at any time. This can also be done automatically. If cookies are deactivated for our website, you may no longer have full use of all of the functions of this website.  

v. Cookie settings

Necessary

These cookies are required to guarantee functions that are essential for the operation of the website. These cookies cannot, therefore, be deactivated. They are proprietary cookies that are used exclusively on this website. This means that the information stored in the cookies is only sent to this website.

Name

Supplier

Purpose

Expiry

dp_cookieconsent_status   

indra-avitech.aeroDetermines whether cookies are accepted or not, and  the categories of cookies accepted.1 year
__cfduidmyfonts.netThe cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.1 month

Analytics

Statistical cookies help website owners understand how visitors interact with their website, gathering and providing anonymous information.

Name

Supplier

Purpose

Expiry

_pk_id.*   

indra-avitech.aeroUsed to store a few details about the user such as the unique visitor ID1 year
_pk_ses.*indra-avitech.aeroThe status of the active visitor's session. If there is no cookie, it means that the visitor's session was more than 30 minutes ago and the visit count increases in a pk_id cookie.13 months

Marketing

Marketing cookies are used to track website visitors. The intention is to display adverts that are relevant and of interest to the user.

Name

Supplier

Purpose

Expiry

YSC   

YoutubeRegisters a unique identifier to keep statistics on which YouTube videos the user has seen.Session
VISITOR_INFO1_LIVEYoutubeTries to calculate the user's bandwidth in pages with integrated YouTube videos.179 days
IDEDoubleclickUsed by Google DoubleClick to register and report the user's actions on the website after viewing or clicking one of the advertisers' ads, to measure the effectiveness of ads and display specific information for the user.1 year
GPSYoutubeUsed by YouTube to store location data.30 minutes
NIDGoogleGoogle NID cookie: a unique identifier used by Google applications to store the information you prefer1 year
CONSENTGoogleConsent20 years
CONSENTYoutubeConsent20 years

 

c. Contact form and contact by e-mail

i. Legal basis for the data processing

The legal basis for the processing of your personal data transmitted when you contact us via the contact form or by e-mail is provided by Art. 6 Para. 1 Letter f EU GDPR. If you contact us via the contact form or by e-mail for the purpose of concluding a contract, Art. 6 Para. 1 Letter b EU GDPR will also provide a legal basis for the processing of your personal data.

ii. Purpose of the data processing

If you contact us via the contact form or by e-mail, your personal data will be processed solely for the purpose of processing the contact.

iii. Length of time your personal data is stored

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent via the contact form or by e-mail, this will be the case when the respective conversation with you has finished. The conversation will be finished when it can be deduced from the circumstances that the issue concerned has been settled finally between you and us.

iv. Opt out and deletion

You can opt out from the processing of your personal data collected when you contact us via the contact form or via e-mail at any time with effect for the future. In such a case the conversation between you and us will not be continued. All personal data stored in the course of the contact will in this case be deleted.

 

e. Legal defence and enforcement

i. Legal basis for the data processing

The legal basis for the processing of your personal data relating to legal defence and enforcement is provided by Art. 6 Para. 1 Letter f EU GDPR.

ii. Purpose of the data processing

The purpose of processing your personal data in the course of legal defence and enforcement is to defend against unwarranted claims and the legal enforcement of claims and rights. In this purpose lies our legitimate interest in data processing pursuant to Art. 6 Para. 1 Letter f EU GDPR.

iii. Length of time your personal data is stored

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

iv. Opt out and deletion

The processing of your personal data in the course of legal defence and enforcement is essential for the legal defence and enforcement. As a consequence you cannot opt out.


5.  Data Processing next to our Website

a. Social networking

Data processing by social networks

We maintain publicly accessible profiles on social networks. The individual social networks used by us can be found below.

Social networks such as Facebook, Twitter, etc. can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners).
By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals  (e.g. in their privacy policy, see below)

i.  Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.
The analysis processes initiated by the social networks may be based on different legal bases, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a DSGVO).

ii. Responsible party and assertion of rights

If you visit one of our social media sites (e.g. YouTube), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis YouTube).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals.
Our options are largely determined by the corporate policy of the respective provider.

iii. Period of storage

The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes.
For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

iv. Social networks in use

YouTube
The Indra Avitech GmbH uses a YouTube channel owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
We would like to point out that you use the YouTube channel offered here and its functions on your own responsibility.
Information on which data is processed by Google and for which purposes can be found in Google's data protection statement:
https://policies.google.com/privacy?hl=de

 

b. Generation of service provider and supplier accounts

i. Legal basis for the data processing

The legal basis for the processing of your personal data relating to the generation of service provider and supplier accounts  is provided by Art. 6 Para. 1 Letter f EU GDPR.

ii. Scope and purpose of data collection

In conjunction with the recurring commissioning of services that are related to the procurement of products, we maintain a database, in which we, in addition to the company names, in particular also process the names and the business contact data of the respective contacts. We process the following personal data in our database: First name, Last name, Business email address and Business phone number. The data processing purpose is the internal provision of qualified suppliers and service providers along with their respective contact names for future orders and procurements.

iii. Storage period of the data

Your personal data will be archived until the purpose for archiving no longer exists. As a rule, this will be the case if no future orders or procurements are anticipated and the respective contact person is no longer available as a liaison.

iv. Opt out and deletion

You may object to the processing of your personal data in conjunction with the generation of service provider or supplier contacts, which will affect all future interactions.

c. Execution of business contracts, performance of contracts and servicing of the existing customer base

i. Legal basis for the data processing

The legal basis for the processing of your personal data relating to the execution of business contracts, performance of contracts and servicing of the existing customer base including the payment of invoices is provided by Art. 6 Para. 1 Letter f EU GDPR.

ii. Scope and purpose of data collection

In conjunction with the execution of business contracts, the performance of contracts and the servicing of the existing customer base including the payment of invoices, we process the following personal data: First name, Last name, Business email address, Business phone number. The data processing purpose is the execution of a contract and its performance as well as any related existing customer base servicing including the payment of invoices.

iii. Storage period of the data

Your personal data will be archived until the purpose for the former no longer exists. As a rule, this will be the case of the contract the order is based upon has been fulfilled, if all related entitlements have been rendered ineffective by the statute of limitations and if statutory retention periods no longer apply. The processing of the data of the respective contacts will end at the point in time as of which the contact person is no longer available as a liaison.

iv. Transfer to Non-EU and Non-EEA Countries

In conjunction with the processing of your personal data, it is possible that we share your personal data with trustworthy service providers in non-EU and non-EEA countries. These countries are nations that are not within the European Union (EU) or the European Economic Area (EEA). In this context, we cooperate only with such service providers who are in a position to give us qualified guarantees aiming at the protection of your personal data and who are in a position to warrant that your personal data will be processed in compliance with the stringent European Data Protection Standards. A copy of these qualified guarantees may be reviewed at our business. If we share any personal data with recipients in non-EU and non-EEA countries, this will be done on the basis of a so-called adequacy decision of the European Commission, or, if such a decision is not available, on the basis of so-called standard contractual clauses, which also have been passed by the European Commission.

v. Opt-out and deletion

The processing of your personal data is mandatory for the performance of the contract. Consequently, you do not have any objection options.

d. Candidate data

We offer you the opportunity to apply to us (e.g. by e-mail, post or via online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process.
We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

i. Scope and purpose of data collection

When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent that this is necessary to decide whether to establish an employment relationship. The legal basis for this is § 26 BDSG-neu under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b DSGVO (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time.
Your personal data will only be passed on within our company to persons involved in processing your application.
If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 BDSG-neu and Art. 6 (1) lit. b DSGVO for the purpose of implementing the employment relationship.

ii. Storage period of the data

If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO).
The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute.
If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further retention no longer applies.
Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a DSGVO) or if legal storage obligations prevent deletion.

iii. Inclusion in the applicant pool

If we do not make you a job offer, it may be possible to include you in our applicant pool. In the event of inclusion, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.
Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a DSGVO). The provision of consent is voluntary and is not related to the current application process.
The person concerned can revoke his/her consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.
The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given

6. Recipient categories

In our company your personal data is received by those positions and departments which need it to fulfill the aforementioned  purposes. In addition, we use different service providers in some cases and transmit your personal data to other trusted recipients.
These may be:

  • Banks
  • IT service providers
  • Lawyers and courts

 

7. Rights of the data subject

If your personal data is processed by us, you are the data subject within the meaning of EU GDPR and you may demand from us the following rights:

a. Right to information

You can demand to receive confirmation from us about whether personal data concerning yourself is processed by us.

If such processing takes place, you can demand from us the following information:

(1) the purposes for which the personal data is processed;
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients to whom the personal data has been disclosed or is yet to be disclosed;
(4) the planned length of time the personal data concerning yourself will be stored or, if it is not possible to provide precise information concerning this, criteria for determining the length of storage time;
(5) the existence of a right to correction or deletion of the personal data concerning yourself, a right to the restriction of processing by us or a right to object to this processing;
(6) the existence of a right to complain to a supervisory authority;
(7) all available information about the origin of the data, if the personal data is not collected from you;
(8) the existence of automated decision-making including profiling according to Art. 22 Paras. 1 and 4 EU GDPR and – at least in these cases– meaningful information on the logic involved and the consequences and intended effect of such processing for you.

You have the right to demand information about whether the personal data concerning yourself is transferred to a third country or an international organisation. In this connection, you can demand to be informed of the appropriate safeguards relating to the transfer pursuant to Art. 46 EU GDPR.

b. Right to correction

You have the right to demand that we correct and/or complete data, if the processed personal data concerning yourself is incorrect or incomplete. We have to correct the data immediately.

c. Right to restrict the processing

In the following circumstances you can demand that we restrict the processing of the personal data concerning yourself:

(1) if the accuracy of the personal data concerning yourself is contested by you, for a period enabling us to verify the accuracy of the personal data;
(2) if the processing is unlawful and you reject the deletion of the personal data and instead demand the restriction of use of the personal data;
(3) if we no longer need the personal data for processing purposes, but you need this to enforce, exercise or defend legal rights, or
(4) if you have objected to the processing pursuant to Art. 21 Para. 1 EU GDPR and it is not yet clear our legitimate reasons override your own reasons.

If the processing of the personal data concerning yourself has been restricted, this data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing has been restricted in the above circumstances, you will be informed by us before the restriction is lifted.

d. Right to deletion

i. Obligation to delete

You can demand that we delete immediately the personal data concerning yourself, and we have to delete personal data immediately, if one of the following reasons applies:

(1) The personal data concerning yourself is no longer required for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent upon which the processing is based pursuant to Art. 6 Para. 1 Letter a GDPR or Art. 9 Para. 2 Letter a EU GDPR, and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 Para. 1 EU GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 Para. 2 EU GDPR.
(4) The personal data concerning yourself was processed unlawfully.
(5) The deletion of the personal data concerning yourself is required to meet a legal obligation under Union law or the law of the member states which we are subject to.
(6) The personal data was collected in relation to information society services pursuant to Art. 8 Para. 1 EU GDPR.

ii. Informing third parties

If we have published personal data concerning yourself and are accordingly required to delete it pursuant to Art. 17 Para. 1 EU GDPR, we will take appropriate measures, including of a technical nature, taking into account the available technology and implementation costs, to inform the persons responsible for the data processing that you as the data subject have asked them to delete all links to this personal data or copies or replications of this personal data.

iii. Exceptions

The right to deletion does not exist if the processing is necessary:

(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
(3) for reasons of public interest in the area of public health pursuant to Art. 9 Para. 2 Letters h and i and Art. 9 Para. 3 EU GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 Para. 1 EU GDPR in so far as the right referred to in Para. a is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.

e. Right to be informed

If you have exercised the right to correction, deletion or restriction of processing against us, we have to inform all recipients of the personal data concerning yourself of this correction or deletion of the data or the restriction of processing, unless this proves to be impossible or involves unreasonable expense.

You have the right to demand that we inform you of these recipients.

f. Right to data portability

You have the right to receive the personal data concerning yourself that you have provided us in a structured, common and machine-readable format. You have the right to transfer this personal data that you have provided us to another controller without any hindrance from us, if

(1) the processing is based on consent pursuant to Art. 6 Para. 1 Letter a EU GDPR or Art. 9 Para. 2 Letter a EU GDPR or a contract pursuant to Art. 6 Para. 1 Letter b EU GDPR and
(2) the processing is performed with the help of automated processes.

In exercising this right, you also have the right to have the personal data concerning yourself transferred directly from us to another controller, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability will not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercising of official authority vested in us.

g. Right to object

You have the right to object at any time for reasons relating to your particular situation to the processing of personal data concerning yourself which is performed on the basis of Art. 6 Para. 1 Letters e or f EU GDPR; this also applies to profiling based on these provisions.

We will no longer process the personal data concerning yourself, unless we can provide proof of compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the enforcement, exercising or defence of legal rights.

If personal data concerning yourself is processed for direct advertising purposes, you have the right to object at any time to the processing of personal data concerning yourself for the purpose of such advertising; this also applies to profiling, if it is related to such direct advertising.

If you object to processing for direct marketing purposes, the personal data concerning yourself will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you can exercise your right to object by automated means using technical specifications.

h. Right to withdraw the declaration of consent required under data protection law

You have the right to withdraw your declaration of consent required under data protection law at any time. The lawfulness of the processing that has taken place based on the consent up until the withdrawal will not be affected by the withdrawal.

i. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning yourself or similarly significantly affects you. This will not apply if the decision:

(1) is necessary for entering into, or performance of, a contract between you and us,
(2) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is based on your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 Para. 1 EU GDPR, unless Art. 9 Para. 2 Letter a or g EU GDPR applies and suitable measures to safeguard the rights and freedoms and your legitimate interests have been taken.

Regarding the cases stated in (1) and (3), we will take suitable measures to safeguard your rights and freedoms and your legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.

Without prejudice to any other administrative or non-judicial remedy, you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged breach, if you are of the view that the processing of the personal data concerning yourself is in breach of the EU GDPR.

j. Right to complain to a supervisory authority

The supervisory authority responsible for us is:

The State Data Protection and Freedom of Information Officer for Baden-Württemberg (Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg)
Königstrasse 10 a
70173 Stuttgart
poststelle[at]ldi.bwl.de
https://www.ldi.nrw.de
Phone: +49 (0) 711 615541-0
Fax: +49 (0) 711 615541-15

The supervisory authority with whom you have filed a complaint will inform you of the progress and results of the complaint including the possibility of judicial remedy pursuant to Art. 78 EU GDPR.

If you have any questions, please do not hesitate to contact our Data Protection Officer (See chapter 2)