Imprint & Privacy Policy of Paul Schwind

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is the person named in the Imprint.

II. General information on data processing

1. Scope of processing of personal data

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly carried out only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal provisions.

2. Legal basis for the processing of personal data

If we obtain consent from the data subject for processing operations involving personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

To the extent that processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.

If processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, Art. 6(1)(d) GDPR serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6(1)(f) GDPR serves as the legal basis for the processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a retention period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

III. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following data are collected in this context:

1. Information about the browser type and the version used
2. The user's operating system
3. The user's internet service provider
4. The user's IP address
5. Date and time of access
6. Websites from which the user's system reached our website
7. Websites that are accessed from the user's system via our website

The data are also stored in the log files of our system. Storage of these data together with other personal data of the user does not take place.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6(1)(f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session.
Storage in log files takes place to ensure the functioning of the website. In addition, the data serve us for the technical optimization of the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.
In the case of storage of the data in log files, this is the case at the latest after seven days. Further storage beyond this is possible. In this case, the users' IP addresses will be deleted or altered so that assignment to the requesting client is no longer possible.

5. Right to object and removal options

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Accordingly, the user has no right to object.

IV. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the web browser or by the web browser on the user's computer system. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is visited again.
We use cookies to make our website functional. Some elements of our website require that the calling browser can still be identified after navigating to a different page.
The following data are stored and transmitted in the cookies:

1. Language settings
2. Items in a shopping cart
3. Log-in information

In addition, we use cookies on our website that enable analysis of users' surfing behavior.
In this way the following data can be transmitted:

1. Entered search terms
2. Frequency of page views
3. Use of website functions

When our website is accessed, the user is informed about the use of cookies for analysis purposes and their consent to the processing of personal data used in this context is obtained. In this context, a reference to this privacy policy is also provided.

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies for analysis purposes is, if the user has given consent, Art. 6(1)(a) GDPR.
The legal basis for the processing of personal data using technically necessary cookies is otherwise Art. 6(1)(f) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to enable the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser can be recognized again after a page change.
We need cookies for the following applications:

1. Shopping cart
2. Adoption of language settings
3. Log-in information

The user data collected by technically necessary cookies are not used to create user profiles.
The use of the analysis cookies is for the purpose of improving the quality of our website and its content. Through the analysis cookies we learn how the website is used and can continuously optimize our offering.
These purposes also constitute our legitimate interest in the subsequent processing of personal data pursuant to Art. 6(1)(f) GDPR.

4. Duration of storage, objection and deletion options

Cookies are stored on the user's computer and transmitted by it to our site. Therefore, as a user you also have full control over the use of cookies. By changing the settings in your internet browser you can disable or restrict the storage of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, not all functions of the website may be fully usable.

V. Newsletter

1. Description and scope of data processing

On our website there is the option to subscribe to a free newsletter. When registering for the newsletter, the data from the input form is transmitted to us.
In addition, the following data are collected during registration:

1. IP address of the accessing computer
2. Date and time of registration

For the processing of the data, your consent is obtained as part of the registration process and reference is made to this privacy policy.

If you purchase goods or services on our website and provide your email address, this may subsequently be used by us to send a newsletter. In such a case, the newsletter will only contain direct advertising for our own similar goods or services.

In connection with the data processing for sending newsletters, no data will be transferred to third parties. The data are used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for processing the data after registration for the newsletter by the user is, if the user has given consent, Art. 6(1)(a) GDPR.

The legal basis for sending the newsletter as a result of the sale of goods or services is Art. 6(1)(f) GDPR.

3. Purpose of data processing

The collection of the user's email address is to deliver the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or of the email address used.

4. Duration of storage

The data are deleted as soon as they are no longer necessary for the purpose for which they were collected. The user's email address is therefore stored as long as the newsletter subscription is active.

Other personal data collected as part of the registration process are generally deleted after a period of seven days.

5. Right to object and deletion options

The newsletter subscription can be canceled by the data subject at any time. For this purpose, there is a corresponding link in every newsletter.

This also enables a revocation of the consent to the storage of the personal data collected during the registration process.

VI. Registration

1. Description and scope of data processing

On our website we offer users the option to register by providing personal data. The data is entered into an input form and transmitted to us and stored. The data is not passed on to third parties. The data provided during registration is collected as part of the registration process.
At the time of registration the following data is also stored:

1. The user's IP address
2. Date and time of registration

As part of the registration process the user's consent to the processing of this data is obtained.

2. Legal basis for data processing

The legal basis for processing the data is, if the user has given consent, Art. 6(1)(a) GDPR.

If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for processing the data is Art. 6(1)(b) GDPR.

3. Purpose of data processing

A user's registration is required to make certain content and services available on our website.

A user's registration is also required to fulfill a contract with the user or to carry out pre-contractual measures.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

This is the case for data collected during the registration process when the registration on our website is cancelled or changed.

This is the case for data collected during the registration process to fulfill a contract or to carry out pre-contractual measures when the data is no longer necessary for the performance of the contract. Even after conclusion of the contract, it may be necessary to retain the contractual partner's personal data in order to comply with contractual or legal obligations.

5. Right to object and removal options

As a user you have the option at any time to cancel the registration. You can have the data stored about you changed at any time. To do so, contact us using the contact details provided in the imprint.
If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not oppose deletion.

VII. Contact form and email contact

1. Description and scope of data processing

There is a contact form on our website that can be used for electronic contact. If a user uses this option, the data entered in the input form is transmitted to us and stored.

At the time the message is sent the following data is also stored:

1. The user's IP address
2. Date and time of registration

For the processing of the data your consent is obtained as part of the sending process and reference is made to this privacy policy.

Alternatively, contact can be made via the provided email address. In this case, the personal data of the user transmitted with the email will be stored.

In this context, there is no transfer of the data to third parties. The data are used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for processing the data, if the user has given consent, is Art. 6(1)(a) GDPR.

The legal basis for processing the data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

3. Purpose of data processing

The processing of the personal data from the input form serves us solely to handle the contact request. In the case of contact by email, the necessary legitimate interest in processing the data also exists.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Retention period

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For the personal data from the contact form input mask and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when the circumstances indicate that the matter in question has been finally clarified.

The personal data additionally collected during the sending process will be deleted no later than after a period of seven days.

5. Right to object and removal

The user may withdraw their consent to the processing of personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of the contact will be deleted in this case.

VIII. Web analysis by Matomo (formerly PIWIK)

Matomo offers various options for web analysis. This tool provides the option to operate without setting cookies and only with anonymized or without IP addresses. Consequently, consent requirements would then not apply. The statement presented below represents the standard case in which cookies are set.

1. Scope of processing of personal data

On our website we use the open-source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. The software places a cookie on the users' computer (see above for cookies). When individual pages of our website are accessed, the following data are stored:

1. Two bytes of the IP address of the user's requesting system
2. The page visited
3. The website from which the user reached the visited page (referrer)
4. The subpages that are accessed from the visited page
5. The duration of stay on the page
6. The frequency of visits to the page

The software runs exclusively on the servers of our website. Personal data of users are stored only there. No transfer of the data to third parties takes place.
The software is configured so that IP addresses are not stored in full; instead, 2 bytes of the IP address are masked (e.g., 192.168.xxx.xxx). In this way it is no longer possible to associate the shortened IP address with the requesting device.

2. Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is Art. 6(1)(f) GDPR.

3. Purpose of data processing

The processing of users' personal data allows us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. Our legitimate interest in processing the data under Art. 6(1)(f) GDPR also lies in these purposes. The anonymization of the IP address adequately takes into account users' interest in the protection of their personal data.

4. Duration of storage

The data are deleted as soon as they are no longer needed for our recording purposes.

5. Right to object and removal options

Cookies are stored on the user's device and transmitted from there to our site. Therefore, as a user you also have full control over the use of cookies. By changing the settings in your web browser you can disable or restrict the storage of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all functions of the website in full.

IX. Integration of external services

Embedding YouTube videos

We embed videos from the YouTube service on our website, an offering of Google LLC (Gordon House, Barrow Street, Dublin 4, Ireland). When a video is played, your browser automatically loads data such as IP address, browser type, operating system, date/time and interactions to YouTube's servers. YouTube may also use cookies and similar technologies. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing multimedia content). Because YouTube sets tracking cookies, we obtain your consent in advance. You can withdraw your consent at any time in our cookie settings. Data are transferred to the USA; Google is certified under the EU-US Data Privacy Framework (“Privacy Shield”). Further information can be found in Google's privacy policy at https://policies.google.com/privacy. You have all data subject rights under the GDPR.

Embedding Vimeo videos

We embed videos from the Vimeo service on our website. The provider is Vimeo.com, Inc., 330 West 34th Street, New York, NY 10001, USA. As soon as you start such a video, your browser automatically establishes a connection to Vimeo's servers. In doing so, in particular your IP address, information about browser/operating system, date and time of access and your interactions (e.g., start, pause) are transmitted. Vimeo uses cookies and similar tracking technologies. The embedded player sets, among others, the cookie “vuid” (storage duration ≈ 2 years, purpose = usage statistics) and “player” (≈ 1 year, purpose = storing your player settings); further technically necessary cookies may be added, e.g., for bot protection.
The legal basis for the embedding is Art. 6(1)(f) GDPR (legitimate interest in an attractive, multimedia presentation of our offerings). Because the Vimeo players may set cookies for reach and usage analysis, we obtain your explicit consent under Art. 6(1)(a) GDPR before loading the player. You can withdraw this consent at any time in the cookie settings of our website with effect for the future.
By using the player, personal data are transmitted to the USA. Vimeo participates in the EU-US Data Privacy Framework and is thus certified under Art. 45 GDPR for transatlantic data transfer.
For more information on data processing by Vimeo, please see the provider's privacy policy at https://vimeo.com/privacy. You have all data subject rights under the GDPR (access, rectification, erasure, restriction of processing, data portability, complaint to a supervisory authority).

Embedding Google Maps

On our website we use the Google Maps mapping service of Google LLC (Gordon House, Barrow Street, Dublin 4, Ireland). With each map request, your browser automatically loads data such as IP address, browser type, geodata (if released), date/time and cookies to Google's servers. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in an interactive map display). Your consent is required in advance because Google Maps may set tracking cookies. You can withdraw consent at any time in our cookie settings. Data are transferred to the USA; Google is certified under the EU-US Data Privacy Framework (“Privacy Shield”). Further information: https://policies.google.com/privacy. Data subject rights: access, rectification, erasure, restriction of processing, data portability, objection.

Embedding OpenStreetMap

Our website uses OpenStreetMap, provided by the OpenStreetMap Foundation (65 Leazes Park Road, Newcastle upon Tyne, NE1 4PF, United Kingdom). When the map is loaded, only map data (tile images, scripts) are retrieved from the OpenStreetMap server; personal data are only collected if you agree to share your device's location. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in map display). OpenStreetMap does not set tracking cookies, so no consent is required. The servers are located in Europe; no transfer of data to third countries takes place. Further information: https://osmfoundation.org/wiki/Privacy_Policy. Data subject rights: access, rectification, erasure, restriction of processing, data portability, objection.

Embedding tawk.to chat

On our website we use the live chat service tawk.to, a service of tawk.to Inc. (187 East Warm Springs Rd, SB298, Las Vegas, Nevada 89119, USA). When the chat widget is loaded, data such as IP address, browser type, operating system, date/time of access and, if applicable, location data and cookies are automatically transmitted to tawk.to. The processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest in direct user communication). Because tawk.to sets cookies, the consent you have given for this is required and can be revoked at any time via our cookie banner. The data transfer to the USA takes place with tawk.to's participation in the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Further information can be found in tawk.to's privacy policy at https://www.tawk.to/privacy-policy/. You have the data subject rights regulated in the GDPR (access, rectification, erasure, restriction of processing, data portability, objection).

Embedding Google Fonts

We use fonts ("Google Web Fonts") from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website to improve readability and the uniform appearance of our pages. The font files are only loaded after you have expressly consented to the corresponding category ("Fonts/External Media") via our consent banner. Only after your consent does your browser establish a connection to the domains fonts.googleapis.com and fonts.gstatic.com; in doing so, your IP address and certain technical information (e.g., browser type, operating system and referrer URL) are transmitted to Google in the USA. The legal basis for this data processing is your voluntary consent pursuant to Art. 6(1)(a) GDPR, which is given exclusively for the stated purpose. You can withdraw your consent at any time with effect for the future by clicking "Change settings" in the cookie banner or by deleting the corresponding cookies in your browser. Details on the storage duration and scope of the data processed by Google can be found in Google's privacy policy at https://policies.google.com/privacy. For more information about your rights and general information about data protection, please refer to the other sections of this privacy policy.

Integration of Google Analytics (GA4)

Based on your consent (Art. 6(1)(a) GDPR), we use the web analytics tool Google Analytics version 4. Service provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for Europe Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, acts on its behalf. The purpose of processing is to statistically evaluate user behavior on our website, measure reach, and continuously optimize our content.
For this purpose, Google Analytics stores, among other things, device and browser information, pseudonymized user IDs, pages accessed, dwell time, click paths, approximate location data, and events defined by us (e.g., scroll depth or video views). The IP address is truncated (so-called IP anonymization) before any further processing within the EU or EEA so that it no longer allows direct personal identification.
The collected information may be transferred to and processed on Google servers in the USA. Google bases these transfers on the EU Standard Contractual Clauses; additionally, there is a data processing agreement with Google pursuant to Art. 28 GDPR. By default, user and event data are stored for 14 months and then automatically deleted or anonymized; deviating retention periods are documented by us in the Google Analytics interface.
You can withdraw your consent at any time with effect for the future by disabling the “Statistics” category in our cookie banner. In addition, Google offers a browser add-on to disable Google Analytics at https://tools.google.com/dlpage/gaoptout. The lawfulness of processing carried out up to the time of withdrawal remains unaffected.

X. Rights of the data subject

If personal data about you are processed, you are a data subject within the meaning of the GDPR and have the following rights against the controller:

1. Right of access

You may request from the controller confirmation as to whether personal data concerning you are being processed by us.
If such processing is taking place, you may request access from the controller to the following information:

1. the purposes for which the personal data are processed;
2. the categories of personal data being processed;
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
4. the envisaged period for which the personal data concerning you will be stored, or, if not possible, the criteria used to determine that period;
5. the existence of a right to request rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. all available information about the source of the data, if the personal data are not collected from the data subject;
8. the existence of automated decision-making including profiling pursuant to Art. 22(1) and (4) GDPR and - at least in those cases - meaningful information about the logic involved as well as the significance and envisaged consequences of such processing for the data subject.

You have the right to request information on whether the personal data concerning you are transferred to a third country or to an international organization. In this context you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary to fulfill those research or statistical purposes.
Your right of access, in the case of AI-based data processing, extends to processing activities and the operational principles of the AI systems used for data processing.

2. Right to rectification

You have the right to obtain from the controller the rectification and/or completion of personal data concerning you if they are inaccurate or incomplete. The controller shall rectify such data without undue delay.
Your right to rectification may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary to fulfill those research or statistical purposes.

3. Right to restriction of processing

Under the following conditions you may request restriction of processing of your personal data:

1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use;
3. the controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
4. you have objected to processing pursuant to Art. 21(1) GDPR and it is not yet clear whether the controller’s legitimate grounds override yours.

Where processing of personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing was restricted according to the above-mentioned conditions, you shall be informed by the controller before the restriction is lifted.
Your right to restriction of processing may be restricted insofar as it is likely to render impossible or seriously impair the achievement of the objectives of research or statistical purposes and the restriction is necessary for the fulfilment of those research or statistical purposes.

4. Right to erasure

a) Obligation to erase

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw consent on which the processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and where there is no other legal ground for the processing.
3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
4. The personal data concerning you have been unlawfully processed.
5. The erasure of the personal data concerning you is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject.
6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b) Information to third parties

Where the controller has made public the personal data concerning you and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you have requested the erasure of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure shall not apply to the extent that processing is necessary for:

1. exercising the right of freedom of expression and information;
2. compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
4. archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR insofar as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
5. for asserting, exercising or defending legal claims.

5. Right to be informed

If you have exercised the right to rectification, erasure or restriction of processing against the controller, the controller shall communicate any rectification, erasure of data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about those recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, provided that

1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and
2. the processing is carried out by automated means.

In exercising this right you also have the right to obtain that the personal data concerning you be transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be adversely affected.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

You shall have the right, in the context of using information society services - notwithstanding Directive 2002/58/EC - to object to processing of personal data concerning you by automated means using technical specifications.

You shall also have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR.

Your right to object may be restricted insofar as it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of those purposes.

8. Right to withdraw your data protection consent

You have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

1. is necessary for entering into or performance of a contract between you and the controller,
2. is authorized by Union or Member State law to which the controller is subject and which contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
3. is based on your explicit consent.

However, such decisions must not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall implement appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain human intervention by the controller, to express your own point of view, and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint was lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.