PRIVACY STATEMENT
The protection of your personal data is very important to us, and we treat this topic very carefully.
Your personal data are transmitted in encrypted form over the Internet. We secure our website and other systems using technical and organisational measures to protect against loss, destruction, access, modification or dissemination of your data by unauthorised persons.
1. NAME AND ADDRESS OF THE CONTROLLER
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national legislation of Member States for the protection of privacy as well as other provisions for the protection of privacy is:
ALFRED TALKE GmbH & Co. KG
represented by ALFRED TALKE Verwaltungsgesellschaft mbH, in turn represented by Managing Directors Alfred Talke, Markus Glöckler and Christoph Grunert
Max-Planck-Straße 20
50354 Hürth
Deutschland
Tel. +49 (0)2233 599-0
Fax +49 (0)2233 599-263
E-Mail info@talke.com
2. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER
The controller’s data protection officer can be contected via:
ALFRED TALKE GmbH & Co. KG
Max-Planck-Straße 20
50354 Hürth
Deutschland
Tel. +49 (0)2233 599-0
Fax +49 (0)2233 599-263
E-Mail Datenschutz@talke.com
3. GENERAL INFORMATION ON DATA PROCESSING
3.1. Scope of processing of personal data
We collect and utilise our users’ personal data only insofar as this is necessary for the provision of an operational website along with our content and services. The collection and utilisation of our users’ personal data is undertaken periodically and only subject to the user’s consent. An exception applies in those cases in which prior consent cannot be obtained for legal or factual reasons and the processing of these data is permitted by applicable law.
3.2. Legal basis for the processing of personal data
Where we obtain the consent of the data subject for processing steps, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as a legal basis for the processing of personal data.
Art. 6 (1) (b) GDPR shall form the basis in law for the processing of personal data as required for performance of a contractual agreement to which the data subject is a party. This also applies to processing operations that are necessary for carrying out pre-contractual measures.
Art. 6 (1) (c) GDPR shall form the basis in law for the processing of personal data as necessary to fulfil a legal obligation to which our company is subject.
Art. 6 (1) (d) GDPR shall form the basis in law in cases in which the vital interests of the data subject or of another natural person require the processing of personal data.
Art. 6 (1) (f) GDPR shall form the basis in law for cases in which this processing is necessary to the protection of a legitimate interest of our company or of a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest.
3.3. Storage period and deletion of data
The data subject’s personal data will be deleted or blocked as soon as the purpose for which they were stored no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data will be blocked or deleted even if a storage deadline prescribed by the above-mentioned standards expires, unless data storage is a necessity for the conclusion or performance of a contract.
4. DEPLOYMENT OF THE WEBSITE AND CREATION OF LOG FILES
4.1. Description and scope of data processing
With every visit to our website, our system automatically collects data and information from the computer system of the accessing computer
The following data are collected in this connection:
- Information about the browser type and the version used
- The user’s operating system
- The user's IP address
- Date and time of access
The data are also stored in the log files of our system.
These data are not stored together with other personal data of the user.
4.2. Basis in law for the processing of data
The legal basis for the temporary storage of data and of log files is Art. 6 (1) (f) GDPR.
4.3. Purpose of data processing
Temporary storage of an IP address by the system is necessary to enable delivery of the website to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session.
The data are stored in log files to ensure the website’s functionality. The data also serve to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context.
These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR.
4.4. Period of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of data collection for provision of the website, this will be undertaken once the respective session has ended.
If the data have been stored in log files, this will be undertaken after seven days at the latest. Storage of data beyond this period is possible. In this case, the user’s IP addresses will be deleted or altered to ensure that an identification of the accessing client is no longer possible.
4.5. Options for objection and removal
Collection of data for provision of the website and the storage of data in log files are absolutely necessary for operation of the website. Consequently, there is no option for objection on the part of the user.
4.6. WhatsApp
When using services like WhatsApp, please be aware that WhatsApp, Inc. receives personal data (in particular, communication metadata), which may also be processed on servers located in countries outside the EU (e.g., the USA). WhatsApp shares this data with other companies within and outside the Facebook group of companies. Further information can be found in WhatsApp's privacy policy (https://www.whatsapp.com/legal?eea=1#privacy-policy). We have no precise knowledge of or influence over data processing by WhatsApp, Inc. Contact: WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, United States of America. WhatsApp is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG&status=Active), which provides a guarantee of compliance with European data protection law. The legal basis for data processing is the consent of the data subjects in accordance with Art. 6 (1) a) EU GDPR, which you provide to us by using this means of communication.
For our part, we initially use the phone numbers transmitted to us through contact via WhatsApp only for the first exchange. Only if a subsequent application process is initiated do we store this phone number for further correspondence. We delete contact data that is no longer needed immediately.
5. USE OF COOKIES
5.1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser to the user’s computer system. If a user visits a website, a cookie may be stored to the user’s operating system. These cookies contain a distinctive character string that enables precise identification of the browser when the website is accessed again.
We use cookies to make our website more user-friendly. Some elements of our website require that the browser accessing the website be identifiable even after a page change.
When our website is accessed, an information banner notifies users of the use of cookies and refers to this Privacy Statement. In this connection, a note is also included, indicating how the user can modify his or her browser settings to disable the storage of cookies.
For purposes of providing our website generally, and for the provision of our announcements of vacancies in particular, we use cookies.
The cookies used when providing our website are as follows:
- Cookie: dp_cookieconsent_status für den Consent Banner
- Cookie: mtm_consent, mtm_consent_removed and mtm_cookie_consent. This cookie is used to store whether you have confirmed the info banner via cookies.
Storage period: 30 years - Cookie: _pk_ses, _pk_cvar. Session cookie for anonymized recording of page views on www.talke.com only.
Storage duration: 30 minutes - Cookie: _pk_id. Anonymized visitor count by Matomo.
Storage duration: 13 months - Cookie:_pk_ref. Stores the attribution information, the referrers that were originally used to visit the website.
Storage period: 6 months - Cookie: matomo_sessid. Combines information obtained from the aforementioned cookies and stores it for analysis with Matomo. No data is collected to identify visitors and is considered an "essential" cookie.
Storage period: 14 days - Cookie: matomo_ignore. Cookie stored by Matomo that is required to disable analysis using Matomo.
Storage period: 30 years
We provide our announcements of vacancies using an applicant-management system by d.vinci HR-Systems GmbH, of Hamburg. The cookies deployed by this system are: _gat, _ga, _gid and JSESSIONID and are explained in the provider’s Privacy Statement, at https://www.dvinci.de/datenschutz.
We have also embedded YouTube videos in our website. For this we use the advanced data protection mode of YouTube. When you visit our website, according to YouTube, no information about visitors to our website is initially stored in this context. This doesn't happen until the embedded videos are played. You can find out more about their use of cookies on YouTube's websites - see https://policies.google.com/privacy?hl=de&gl=de
YouTube uses the following cookies to indicate that an embedded video is available:
- Cookie: 1P_JAR. Google cookie for user tracking and advertisement.
Storage period: 1 week - Cookie: CONSENT. Tests if cookies are applicable.
Storage period: permanent - Cookie: _ga. Distinguishes users.
Storage period: 2 years
For details on the cookies used by us and placed by the Piwik analytical system, please refer to the relevant Section 6 of this Privacy Statement.
5.2. Basis in law for the processing of data
The basis in law for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR.
Where a consent by the user to this effect has been provided, the basis in law for the processing of personal data using cookies for analytical purposes is Art. 6 (1) (a) GDPR.
5.3. Purpose of data processing
TTALKE uses cookies to provide you with an experience that is optimally tailored to your needs when using its Internet offers. By using cookies, TALKE can, for example, ensure that you are not presented with the same information each time you revisit a particular page. Cookies can also be used to optimise a website’s performance.
The purpose for using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. In this case, the browser has to be recognised even after changing the page.
We require cookies for the following applications:
- Saving the language settings
- Hiding the cookie info banner
The user data collected using technically necessary cookies are not used to generate user profiles.
Analytical cookies are used to improve the quality of our website and its content. With analytical cookies, we learn how the website is used and can constantly optimise our offer.
These purposes also encompass our legitimate interest in the processing of personal data in accordance with Art. 6 (1) (f) GDPR.
Please refer to the table above for details on the respective purpose for the individual cookies.
In the interest of a structured and legible presentation of the content, we also use web fonts by the provider Adobe (Adobe Typekit). Adobe does not collect any personal data when providing this service. Cf. Adobe’s privacy policy for the Adobe Typekit font service, at https://www.adobe.com/de/privacy/policies/typekit.html.
5.4. Period of storage, options for objection and removal
Cookies are stored on the user’s computer, which then transmits them to our website. As a user, you thus have full control of the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can be done automatically as well. If cookies are disabled for our website, it may no longer be possible to make full use of all of the website’s functions.
6. WEB ANALYTICS BY MATOMO
6.1. Description and scope of data processing
On our website, we use the open-source software tool PIWIK (now ‘Matomo’) to analyse our users’ surfing behaviour. The software stores a cookie to the user’s computer (for more information about cookies, see above). If individual pages of our website are called up, the following data are stored:
- Two bytes of the IP address of the user’s system calling up the page(s)
- The website called up
- The sub-pages called up from the website that has been called up
- The residence time on the website
- The frequency with which the website is called up
The software runs exclusively on the servers of our website. Users’ personal data are stored there alone. The data are not transferred on to third parties.
The software is set so that the IP addresses are not stored in their entirety; instead, 2 bytes of the IP address are masked (example: 192.168.xxx.xxx). This makes it impossible to associate the truncated IP address with the computer calling up the website.
6.2. Basis in law for the processing of data
The basis in law for the processing of personal data using cookies is Art. 6 (1) (f) GDPR.
6.3. Purpose of the data collection
By processing users’ personal data, we can analyse our users’ surfing behaviour. Evaluation of the data collected puts us in a position to compile information about the use of the individual components of our website. This helps us constantly improve our website and its user-friendliness. These purposes also encompass our legitimate interest in the processing of data in accordance with Art. 6 (1) (f) GDPR. Anonymisation of the IP address takes adequate account of the users’ interest in protecting their personal data.
6.4. Period of storage
The data will be deleted as soon as they are no longer needed for our recording purposes. In our case, this is the case after 7 (seven) days.
6.5. Option for objection and removal
Cookies are stored on the user’s computer, which then transmits them to our website. As a user, you thus have full control of the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can be done automatically as well. If cookies are disabled for our website, it may no longer be possible to make full use of all of the website’s functions.
On our website, we offer our users the possibility of opting out of the analytics process. To do this, you must untick the link (directly below) that is set by default. This stores another cookie (opt-out cookie) on your system that signals to our system that the user’s data must not be stored. If, in the meantime, the user deletes the corresponding cookie from his or her own system, the user must re-set the opt-out cookie.
More information on the PIWIK/Matomo software privacy settings can be found through the following link: https://matomo.org/docs/privacy/.
7. CONTACT VIA EMAIL AND CONTACT FORM
7.1. Description and scope of data processing
Our website permits contact using the e-mail addresses provided as well as a contact form. In this case, the user's personal data that are transmitted along with the e-mail or contact form will be stored.
In association with this, the data will not be transferred to third parties. The data are used exclusively for the processing of the conversation.
7.2. Basis in law for the processing of data
Art. 6 (1) (f) GDPR provides the legal basis for the processing of data transferred in the course of sending an e-mail. If the e-mail contact aims to conclude a contract, then an additional legal basis for the processing is provided under Art. 6 (1) (b) GDPR.
7.3. Purpose of data processing
We process personal data from the input screen solely for purposes of processing the contact request. This also constitutes the necessary legitimate interest in processing the data.
7.4. Period of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of personal data transmitted via e-mail, this is the case if the respective conversation with the user has been completed. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.
7.5. Option for objection and removal
The user has the option of revoking his or her consent to the processing of personal data at any time. A user who has contacted us by e-mail can object at any time to the storage of his or her personal data. In this case, it will not be possible to continue the conversation.
In this case, all of the personal data stored in the course of contacting us will be deleted
8. APPLICATION VIA THE CONTACT FORM
8.1. Description and scope of data processing
Our website also presents you with job offers and an opportunity to apply online. Here, you have the choice between advertised vacancies and an unsolicited application. In both cases, we provide you with a contact form for your use in applying. If a user accepts this option, the data entered in the input screen will be transmitted to us and stored. These data are:
- Form of address*
- Title
- First name*
- Last name*
- Date of birth
- Street*
- Postal code*
- City*
- Email address
- Telephone*
- Telephone alternative
- Earliest possible start date
- Desired place of work
- Desired salary
- Comments
- Complete application materials*
- Application photo
- How did you hear about us?
*Fields marked with an asterisk (*) are required fields.
The following data is also stored at the time the message is sent:
- The user's IP address
- Date and time of the request
During the sending process, your consent is obtained for processing data and reference is made to this data protection declaration.
Application data can be passed on within the TALKE Group, where this is necessary in the context of the application (e.g. when applying for an international position, or as part of an unsolicited application). The TALKE Group includes the companies listed under www.talke.com/en/company/locations.
It is noted that some of these companies are located outside of the European Union or outside of the countries that, in the estimation of the European Commission, ensure an adequate level of data protection.
The applicant’s data will be accessible only to the HR staff of the TALKE Group company considering the application along with the competent supervisors and their trusted persons within the relevant departments. Personal data are used solely by the TALKE Group and are not disclosed or sold to third parties.
If necessary, data from the application process can be shared with external companies involved in the application process as service providers.
Third-party category: Provider of the web-based applicant-management system
Name and address of the third party: d.vinci HR-Systems GmbH Nagelsweg 37-39, 20097 Hamburg
Data that can be transmitted: Cf. list under Item 8.1 of this Privacy Statement
Purpose of data transmission: Acceptance and administration of applications submitted
In each case, the transfer of data – both within the TALKE Group and to external third parties – occurs subject to the purpose of executing the specific application procedure.
If the applicant is hired, for HR-management purposes, the TALKE Group may also transfer his or her data to the HR systems of the company hiring the applicant.
8.2. Basis in law for the processing of data
The basis in law for processing and forwarding of the data is the existence of user consent under Art. 6 (1) (a) GDPR, as well as – even without the user’s explicit consent – Art. 6 (1) (b) GDPR, as the contact is established to initiate a contract of employment.
If the data are generally required to reply to your request, Art. 6 (1) (f) GDPR is an additional legal basis. Art. 6 (1) (f) GDPR also constitutes the basis in law where the other data processed during the sending process are concerned.
8.3. Purpose of data processing
The TALKE Group uses an applicant's personal data to check the application, to confirm the information contained therein, to obtain references and security or other background information and finally to contact the applicant. Once your data has been received via the online application, a confirmation of receipt is automatically sent to the e-mail address provided in the form. This is also the reason for our legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the form and to ensure the security of the IT systems used by us and by third parties commissioned by us. This is also part of the justification for our legitimate interest in processing the data.
8.4. Period of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For data from the application form, this is the case if the application procedure has been finally completed. This is the case either 180 days after rejection or 12 months after receipt of the application, whichever occurs first.
Personal data that was additionally collected during the sending procedure will be deleted at the latest after a period of seven days.
8.5. Options for correction, objection and removal
At all times, the user has the option of updating his or her application data (e.g. to reflect a change of address) or of revoking his or her consent to the processing of personal data. The application procedure cannot continue in the event of a revocation.
Point of contact for the application procedure:
ALFRED TALKE GmbH & Co. KG
Human Resources
Max-Planck-Straße 20
50354 Hürth
Email: bewerbung@talke.com
Telephone: 02233/599-0
In the case of revocation of consent, all of the personal data stored in the course of the application will be deleted.
9. USE OF THE TOOL ‘HTML5SHIV’
9.1. Description and scope of data processing
The applicant-management system by d.vinci HR Systems embedded in our website uses the ‘html5shiv’ tool provided by Google Inc. (‘Google’). To facilitate correct integration of the tool, the following data can be sent to Google when you call up our website:
- Information about the browser type and the version used
- The user’s operating system
- The user’s Internet service provider
- The user's IP address
- Date and time of access
- Pages on our website accessed by the user’s system
9.2. Basis in law for the processing of data
The basis in law for the processing of personal data using the tool ‘html5shiv’ is Art. 6 (1) (f) GDPR.
9.3. Purpose of data processing
The tool html5shiv enables the correct display of so-called ‘html5 code’ on older browser versions of Microsoft Internet Explorer. This is the only way it will be technically possible for visitors to our homepage to use our website using such an older browser. This purpose also encompasses our legitimate interest in the processing of personal data in accordance with Art. 6 (1) (f) GDPR.
9.4. Period of storage
We do not collect any data in this connection. We have no knowledge of the exact period of storage at Google – nor do we have any way to influence the duration of storage there.
9.5. Option for objection and removal
The collection of data for provision of the website and the transmission of data are absolutely necessary for operation of the website. Consequently, there is no option for objection on the part of the user.
For more information about your options for objection and removal vis-à-vis Google, visit: https://privacy.google.com/
10. RIGHTS OF THE DATA SUBJECT
10.1. Right to information
You can request that the controller confirm whether we will process personal data concerning you.
If such processing occurs, you can require the controller to disclose the following information:
- the purposes for which the personal data are processed;
- the categories of personal data processed;
- the recipients or categories of recipients to which the personal data concerning you has been or will be disclosed;
- the planned period of storage of the personal data concerning you or, if specific information in this respect is not possible, the criteria used to determine the storage period;
- the existence of a right of rectification or erasure of personal data that concern you, of a right to restrict processing by the controller, or of a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information about the origin of the data, if the personal data have not been collected from the data subject;
- the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – reliable information about the logic involved and the scope and the desired effects of such processing for the data subject.
You have the right to request information as to whether personal information concerning you will be transmitted to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
10.2. Right of rectification
You have a right of rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are inaccurate or incomplete. The controller must make the rectification immediately.
10.3. Right to limitation on processing
You may request limitation of the processing of personal data concerning you under the following conditions:
- if you dispute the accuracy of the personal data concerning you for a period of time that permits the controller to verify the accuracy of the personal data;
- the processing is unlawful and you reject erasure of the personal data and instead request limitation on the use of the personal data;
- the controller no longer requires the personal data for purposes of processing, but you require them for the establishment, exercise or defence of legal claims, or
- if you have filed an objection to processing in accordance with Art. 21 (1) GDPR, and it has not yet been established whether the controller’s legitimate grounds for processing override your own grounds.
Where processing of the personal data concerning you has been limited, such data – apart from their storage – may be processed only with your consent or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or on grounds of an important public interest of the European Union or of a Member State.
If processing has been limited in accordance with the above conditions, you will be informed by the controller responsible before the limitation is lifted.
We do not disclose personal data to third parties unless this is necessary for the execution of an order, specifically for delivery of goods by our logistics partner, for review of creditworthiness and for the payment processing, or if you have granted us your consent to disclosure, or if the disclosure is otherwise permitted under relevant provisions of applicable law.
If you intend to pay by direct debit / bank collection or via an invoice, in order to assert our legitimate interests in payment for our merchandise, in strict compliance with the regulations governing data protection, and with due regard for your legitimate concerns, we reserve the right to use your data for purposes of a check of your creditworthiness. You may obtain information from us about the data stored about you.
10.4. Right to erasure
You can request that the controller erase personal data concerning you without delay, and the controller has the obligation to erase these data without delay wherever one of the following grounds applies:
- the personal data about you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent on which the processing is based according to Art. 6 (1) (a) GDPR, or Art. 9 (2) (a), and where there is no other legal ground for the processing;
- you object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR;
- the personal data applicable to you have been unlawfully processed;
- the personal data about you have to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject;
- the personal data about you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
10.5. Forwarding information to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
10.6. Exceptions
The right to erasure shall not apply if processing is required
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) GDPR as well as Art. 9 (3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
10.7. Right to be informed
If you have exercised your right to have the controller rectify, erase or limit processing of personal data, the controller shall have an obligation to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of these data, or of the limitation on processing thereof, unless this proves impossible or involves disproportionate effort.
You have the right vis-à-vis the controller to be informed about these recipients.
10.8. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
- the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
- the processing is carried out by automated means.
In exercising his or her right, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not extend to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
10.9. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
10.10. Right to revoke the data-protection declaration of consent
You have the right to revoke your data-protection declaration of consent at any time. Revocation of consent will not affect the legality of processing undertaken on the basis of this consent prior to its revocation.
10.11. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
- is necessary for entering into, or performance of, a contract between you and a data controller,
- is authorised by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
However, these decisions may not be based on specific categories of personal data pursuant to Art. 9 (1) GDPR, unless Article 9 (2) (a) or (g) applies and appropriate measures have been taken to protect rights and freedoms as well as your legitimate interests.
In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10.12. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.