Usenet

privacy statement

Add Comment

Please enable JavaScript and reload the page! Privacy statement Thank you for your interest in our website. The protection of your privacy is very important to us. Below we inform you in detail how we will handle your data. I. Name and address of the responsible party The responsible party as defined by the General Data Protection Regulation and other national data protection laws of member states as well as other data protection regulations is: Usenet.nl S.r.l. Piazza Enrico Enriquez 22 47891 Dogana San Marino Phone: +44 20 3670 5871 E-mail: info@usenet.nl II. General information about data processing <ol> <li> Scope of the processing of personal data We generally process the personal data of our users only to the extent to which it is required for providing a functional website as well as our contents and services. The personal data of our users are generally processed only with the consent of the user. An exception applies in such cases in which it is not possible to obtain consent beforehand for factual reasons and in which the legal provisions permits the processing of data. </li> <li> Legal basis for the processing of personal data Section 6 Para. 1 lit. a EU General Data Protection Regulation (GDPR) forms the legal basis if we obtain consent of the person concerned for the processing of personal data. Section 6 Para. 1 lit.b GDPR forms the legal basis for the processing of personal data required for performing a contract whose contractual party is the person concerned. This also applies to the processing required to perform precontractual measures. Section 6 Para. 1 lit. c GDPR forms the legal basis if the processing of personal data is required to comply with a legal obligation. Section 6 Para. 1 lit.d GDPR forms the legal basis in case that the vital interests of the person concerned or of any other individual will require the processing of personal data. If the processing is required to protect a legitimate interest of our company or a third party and if the interests, basic rights and fundamental freedoms of the person concerned do not outweigh the first-mentioned interest, Section 6 Para. 1 lit.f GDPR will then form the legal basis for the processing. </li> <li> Deletion of data and storage period The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage becomes obsolete. In addition, Data will be stored if this has been intended by the European or national lawmakers in union regulations, laws or other provisions that the responsible party is subject to. The data will also be deleted or blocked if a required storage period expires according to the mentioned rules unless the continued storage of the data is required for concluding a contract or performing a contract.</li> </ol>   III. Provision of the website and log files <ol> <li> Description and scope of the processing of data Every time our website is called up, our system will automatically collect data and information from the computer system of the calling computer. The following data are collected: </li>               &nbsp. - Information about the browser type               &nbsp. - The operating system of the user               &nbsp. - The IP address of the user               &nbsp. - The user's Internet service provider               &nbsp. - Date and time of day of the visit               &nbsp. - Websites from which the user's system accesses our website The data are also saved in the log files of our system. These data will not be saved together with other personal data of the user. <li> Legal basis for the data processing The legal basis for the temporary storage of the data and the log files is Section 6 Para.1 lit. f GDPR</li> <li> Purpose of the data processing The temporary storage of the IP address by the system is necessary to allow the delivery of the website to the user's computer. The IP address of the user must be saved for the duration of the session. Data are saved in log files in order to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. These purposes are also in our legitimate interests in the processing of data according to Section 6 Para .1 lit. f GDPR. </li> <li> Duration of the storage The data will be deleted as soon as they are no longer required to achieve the purpose of their collection. If data are collected for the provision of the website, this will apply when the corresponding session has ended. </li> <li> Option to object and delete The collection of the data for the provision of the website and the storage of the data in log files is necessary to operate the website. The user has therefore no option to object. </li> </ol> IV. Use of cookies <ol> <li> Description and scope of the processing of data Our website uses cookies. Cookies are text files that are saved in the Internet browser or by the Internet browser on the computer system of the user. A cookie can be saved in the user's operating system when a user calls up a website. This cookie contains a characteristic string of characters that allows for a clear identification of the browser when the website is revisited. We use cookies to make our website more user-friendly. Some elements of our website require that the browser can also be identified after a page change. The following data are saved and transmitted in the cookies: a) Article in a shopping cart b) Login information When our website is called up, an info banner informs the users about the use of cookies for analytical reasons and refers to this data privacy statement. In this context, it will also be indicated how the storage of cookies can be disabled in the browser settings. </li> <li> Legal basis for the data processing Section 6 Para. 1 lit. f GDPR forms the legal basis for the processing of personal data using cookies. </li> <li> Purpose of the data processing The purpose of the use of technically required cookies is to make it easier for the user to use websites. Some of the functions on our website can not be offered without the use of cookies. For these functions it is necessary that the browser is recognised even after a change of page. The following applications require cookies: a) Language settings The user data collected via technically necessary cookies are not used to create user profiles. These purposes are also in our legitimate interests in the processing of the personal data in accordance with Section 6 Para .1 lit. f GDPR. </li> <li> Duration of storage, option to object and delete Cookies are saved on the user's computer and sent from this computer to our site. As a user, you have therefore also full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies already saved can be deleted at any time. This can take place also automatically. If cookies are deactivated for our website, it won't be possible any longer to fully use some of the functions. </li> </ol> V. Newsletter <ol> <li> Description and scope of the processing of data If you purchase goods or services on our website and provide your e-mail in the process, then we can use the e-mail afterwards for sending you a newsletter. In such a case, only direct advertisements are sent via the newsletter for our own similar goods or services.   The data are used exclusively for mailing the newsletter. </li> <li> Legal basis for the data processing 7 Para. 3 UWG (Law Against Unfair Competition) forms the legal basis for the mailing of the newsletter as a result of the sale of goods or services. </li> <li> Purpose of the data processing The collection of the user's e-mail address is used to deliver the newsletter. The collection of other personal data during the registration process is used to prevent the misuse of the services or the used e-mail. </li> <li> Duration of the storage The data will be deleted as soon as they are no longer required to achieve the purpose of their collection. </li> <li> Option to object and delete The user can cancel the subscription of the newsletter at any time. For this purpose, you will find a corresponding link in every newsletter. This also allows for the cancellation of the consent for the storage of personal data collected during the registration process. </li> </ol> VI. Registration <ol> <li> Description and scope of the processing of data On our website we offer users the option to register by providing personal data. The data will be entered into an input mask and transmitted to us and saved.&nbsp. The data will not be disclosed to a third party. The following data are collected within the scope of registration process: <ul> <li>Title</li> <li>First and last name</li> <li>Address</li> <li>E-mail address</li> <li>Phone number</li> <li>Payment method</li> </ul> The following data are also saved at the time of the registration: <ul> <li>IP Address</li> Consent of the user for the processing of these data is obtained in the course of the registration process. </ul> </li> <li> Legal basis for the data processing Section 6 Para. 1 lit. a GDPR forms the legal basis for the processing of the data provided that the user has given his consent. Section 6 Para. 1 lit. b GDPR will form the additional legal basis for the processing of data if the registration is required for performing a contract whose contractual party is the user or for performing precontractual measures. </li> <li> Purpose of the data processing A registration of the user is required for the provision of certain contents and services on our website. A registration of the user is required for performing a contract or executing precontractual measures as well as for direct advertising. </li> <li> Duration of the storage The data will be deleted as soon as they are no longer required to achieve the purpose of their collection. </li> <li> Option to object and delete As a user you will always have the option to cancel the registration. You can have the data saved about you changed at any time. For the performance of a contract or the execution of precontractual measures during the registration process, this will be the case if the data are no longer required for performing the contract. It might still be required to save the contractual partner's personal data even after the execution of the contract in order to comply with contractual or legal obligations. </li> </ol>   VII. Contact form and e-mail contact <ol> <li> Description and scope of the processing of data A contact form is provided on our website which can be used for making electronic contact. If a user chooses this option, all data entered in the input mask will then be transmitted to us and saved. This involves the following data: <ul> <li>E-mail address</li> <li>First and last name</li> <li>Customer number</li> <li>Phone number</li> </ul> Your consent for processing data is obtained and you will be referred to this privacy statement during the sending process. Alternatively, you can contact us via the provided e-mail address. In this case, the personal data of the user transmitted with the e-mail will be saved. In this context, the data will not be disclosed to a third party. The data are used exclusively for processing the conversation. </li> <li> Legal basis for the data processing Section 6 Para. 1 lit. a GDPR forms the legal basis for the processing of data provided that the user has given his consent. Section 6 Abs. 1 lit. f GDPR forms the legal basis for processing the data that are transmitted via e-mail. If the aim of the e-mail contact is the conclusion of a contract, Section 6 Abs. 1 lit. b GDPR will form an additional legal basis for the processing. </li> <li> Purpose of the data processing The processing of the personal data from the input mask is used solely for processing the contact. In case of a contact via e-mail, this is also the required legitimate interest in the processing of the data. The other personal data processed during the sending process are used to prevent the misuse of the contact form and to ensure the security of our IT systems. </li> <li> Duration of the storage The data will be deleted as soon as they are no longer required to achieve the purpose of their collection. </li> <li> Option to object and delete The user has the option to withdraw his consent for the processing of personal data at any time. If the user contacts us via e-mail, he can then object to the storage of his personal data at any time. The conversation can not be continued in such a case. In this case, all personal data that have been saved in the course of the contact will be deleted.   </li> </ol> VIII. Newsletter tracking <ol> <li> Description and scope of the processing of personal data For sending e-mails, we use the software Inxmail (www.inxmail.de). The following data will be processed: <ul> <li>E-mail address</li> <li>Customer number</li> <li>Language</li> <li>First and last name</li> <li>Optional article information</li> <li>Promotional code in case of promotions</li> </ul> We use internal analyses options as to how the newsletters are opened and used. The following data will be evaluated for the analysis: <ul> <li>Newsletter ID</li> <li>Click or view</li> <li>Date</li> <li>IP Address</li> <li>Customer number</li> </ul> The evaluation of these data allows us to continuously improve our services and tailor them to the needs of the customer. </li> <li> Legal basis for the processing of personal data The legal basis is Section 6 Para. 1 lit. f GDPR </li> <li> Duration of the storage The data will be deleted as soon as they are no longer required to achieve the purpose of their collection. </li> <li> Options to object and delete You can unsubscribe to the newsletter at any time. You will find a corresponding link in each e-mail.   IX. Disclosure of personal data to third parties <ol> <li> Pay services and payment methods </li> a) Description and scope of the processing of personal data In order to process payments, the following data will be forwarded to the corresponding pay service providers depending on the selected payment type: PayPal: If you have select PayPal for your payments, you will be automatically forwarded to the page of (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). The authorisation and processing of the payment takes place on the website of PayPal. For the authorisation at PayPal, we will transmit the following data to PayPal: <ul> <li> First and last name </li> <li> Billing address </li> <li> Delivery address </li> <li>E-mail address </li> <li> Order value </li> </ul> For the privacy policies of PayPal, please go to: https://www.paypal.com/de/webapps/mpp/ua/privacy-full Direct Debit: In case of direct debit, we work with the following pay service providers. For their privacy policies, please go to: <ul> <li>Intercard (https://www.intercard.de/de/karteninhaber/datenschutzinformationen)</li> <li>Ingenico (https://ingenico.de/payment-services/service/datenschutz)</li> <li>eMerchantPay (https://www.emerchantpay.com/privacy-policy/)</li> </ul> The following data are transmitted for the processing of the payment: <ul> <li> First and last name </li> <li> IBAN/account number </li> <li> BIC/Bank Code </li> <li> Invoice Amount </li> <li> Invoice Number </li> <li> Currency </li> <li> Date </li> <li> E-mail </li> </ul> Credit Card: In case of a credit card payment, we work with the following pay service providers. For their privacy policies, please go to: <ul> <li>Checkout (https://www.checkout.com/legal/privacy-policy)</li> <li>Ingenico (https://ingenico.de/payment-services/service/datenschutz)</li> <li>eMerchantPay (https://www.emerchantpay.com/privacy-policy/)</li> </ul> The following data will be disclosed to our pay service providers: <ul> <li> Credit card number </li> <li> CVV number </li> <li> Date of expiry (Month/Year) </li> <li> First and last name </li> <li> Address </li> <li> Invoice Amount </li> <li> Currency and country </li> <li> Date </li> <li> E-mail </li> <li> IP Address </li> </ul> b) Legal basis for the processing of personal data Section 6 Para. 1 lit. b GDPR forms the legal basis for the processing of data. c) Purpose of the data processing The disclosure of the aforementioned data and their processing is mandatory for performing the contract as well as the detection and prevention of fraud. Use of data for fraud prevention purposes The data you enter when you place an order may be used to check for unusual orders (e.g. simultaneous ordering of multiple goods to the same address using different customer accounts). We have a fundamental legitimate interest in carrying out such checks. The legal basis for the processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR). In order to prevent fraud, we employ the services of Kount Inc, 917 Lusk Street, Boise, Idaho 83706, USA (referred to hereinafter as “Kount”) to operate our website. Kount collects and processes data using Cookies and other tracking technologies in order to ascertain the terminal used by the user and other data relating to use of the website. No assignment to specific users takes place here. Where IP addresses are collected by Kount, these are subject to immediate encryption. Kount stores the data in a database for fraud prevention purposes. Data sent by us to Kount relating to end terminals that have previously been used to commit or in an attempt to commit fraudulent activity is also stored in the database. No assignment to particular users takes place here either. When an order is placed on our website, we retrieve a risk assessment on the user’s terminal from Kount’s database. This risk assessment on the likelihood of attempted fraud considers, among other things, whether the terminal has dialled in using different service providers, whether the terminal has a frequently changing georeference, how many transactions have been made via the terminal and whether it uses a proxy connection. The legal basis for the processing is Article 6(1)(f) GDPR. d) Duration of the storage The data will be deleted as soon as they are no longer required to achieve the purpose of their collection. e) Options to object and delete The collection of the data and their storage as well as processing is mandatory for executing the contract. You have therefore not the option to object and delete <li> Website analyses services a) Description and scope of the processing of personal data, purpose of the data processing, duration of the storage, the options to object and delete Web analysis with Google Analytics This website uses Google Analytics, a web analysis service of the Google Inc. ("Google"). Google-Analytics uses so-called "cookies“. these are text files that are saved on your computer that allows us to analyse your use of the website. The information generated by the cookie about your visit to this website is usually sent to a Google server in the USA and stored at this location. If the IP-anonymisation is activated on this website, Google will first shorten your IP-address within the member states of the European Union or other signatories of the Agreement on the European Economic Area. Only in exceptional cases will the full IP-address be sent to a Google server in the USA and shortened at that location. On behalf of the operator of this website, Google uses this information on our behalf to evaluate your use of our website, to create reports about the website activities and to render additional services associated with the use of the website and Internet. The IP-address sent by your browser within the scope of Google Analytics will not be combined with other Google data. You can prevent the use of cookies via a corresponding setting of your Browser software. however, we would like to point out that in this case you won't be able to make full use of all the functions on our website. In addition, you can prevent the collection of data by Google generated by the cookie and related to the use of the website (incl. your IP-address) as well as the processing of these data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.Mobile users can use this link to deactivate Google Analytics. We have also made settings that will have Google Analytics delete the last part of the IP addresses of the visitors of our website. This prevents us from receiving data that would allow us to identify you. b) Legal basis for the processing of personal data Section 6 Para. 1 lit. f GDPR forms the legal basis for the processing of data.   </li> <li> Advertisement and marketing services a) Description and scope of the processing of personal data Our website uses the online ad systems Google AdWords and Google Display Network. Google ensures the protection of the data of its customers and users. To this effect, Google Adwords will place a cookie on your computer. These cookies will lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the website of the Adwords customer and the cookie has not yet expired, Google and the customer will know that the user has clicked on the ad and has been forwarded to this page. The information obtained this way is used to create statistics that are evaluated in anonymised form. We also use these Google Adwords functions to address visitors to this website on the websites of third parties or Internet users with specific interest profiles based on their use of the Internet. We will not collect any personal data in this context. This evaluation is used for billing and evaluating ads and does not contain your personal data. We would like to point out that Google has its own privacy policies. We accept no responsibility or liability for these policies and processes. Please consult the private policies of Google before using our website. MailGun We use MailGun to send emails. This means we can be sure that emails from us will not end up in your spam folder by mistake. MailGun also analyses which emails are delivered and opened as well as, if applicable, which links are clicked on. The information acquired is used to generate statistics. To enable this, your email address, the subject of the email and possibly additional data are saved for a max. of 30 days on the MailGun servers in the USA. However, the content of the email will not be saved. MailGun is certified under the EU-US Privacy Shield agreement. This guarantees MailGun’s compliance with European Data Protection laws. You can view the certification status here: https://www.privacyshield.gov/participant?id=a2zt0000000PCbmAAG&status=Active Mailgun Technologies, Inc. is headquartered at 535 Mission St., San Francisco, CA 94105, USA. You can view MailGun’s privacy policy here: https://www.mailgun.com/privacy-policy/ b) Legal basis for the processing of personal data Section 6 Para. 1 lit. f GDPR forms the legal basis for the processing of data. c) Purpose of the data processing The advertisements are required to finance our website. d) Duration of the storage e) Options to object and delete Users who do not want to participate in the tracking can easily deactivate the cookie of the Google Conversion Tracking via the user settings of their Internet browser. These users will not be included in the conversion tracking statistics.   </li> <li> Use of BytePlant </li> a) Description and scope of the data processing The data you provide when you place an order may be used to review whether the order transaction is atypical (e.g. simultaneous ordering of a large number of goods to the same address using different customer accounts). In principle, we have a legitimate interest in carrying out such a review. The legal basis for the processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR). In order to prevent fraud, we use the services of BytePlant GmbH Software Solutions &amp. Consulting, Heilsbronner Strasse 4, D-91564 Neuendettelsau (hereinafter “BytePlant”) to operate our website. BytePlant uses cookies and other tracking technologies to collect and process data in order to identify the terminal device used by the user and other data about the use of the website. These data are not associated with any specific users. Where BytePlant collects IP addresses, these are immediately encrypted. BytePlant stores the data in a database for the purpose of fraud prevention. This database also contains data transmitted by us to BytePlant relating to terminal devices that have already been used in cases of (attempted) fraud. These data are not associated with any specific users either. When an order is placed on our website, we retrieve a risk assessment regarding the user’s terminal device from BytePlant’s database. This risk assessment on the likelihood of attempted fraud takes into account, among other things, whether the terminal device has accessed the website via different service providers, whether the terminal device’s georeference changes frequently, how many transactions the terminal device has made and whether it uses a proxy connection. The legal basis for the processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR). b) Legal Basis for the Processing The processing of the transmitted data is based on our legitimate interest in preventing fraud (Article 6(1)(f) GDPR). c) Data Categories Postal addresses, email addresses, telephone numbers d) Recipients The recipients of the data are internal IT and BytePlant employees, being processors. We have concluded a corresponding processing agreement with BytePlant for this purpose. e) Storage periods Data are processed for 14 days in this context. After this, they will be erased, provided that there are no legal obligations to keep records. If you wish to contact us in this regard, please use the contact details provided at the beginning of this privacy policy. f) Legal/contractual requirement In principle, data subjects cannot exercise their right to object to the processing of personal data in the context of fraud prevention. g) Transfer to a third country Processing takes place exclusively in the European Union (EU) or the European Economic Area (EEA). h) Profiling No profiling is carried out. </ol> X. Rights of the persons concerned If your personal data are processed, you are a person concerned according to the GDPR and you have the following rights towards the responsible party: Right to information You can ask the responsible party to confirm whether we will process personal data concerning you. If there is such a processing, you can ask the responsible party to provide the following information: (1) The purposes for which personal data are processed (2) The categories of personal data that are processed (3) The recipients or the categories of recipients to which the personal data have been disclosed or will still be disclosed (4) The planned duration of the storage of your personal data or, if specific information can not be provided on this, the criteria for determining the storage period (5) The existence of a right to correct or delete personal data or to restrict the processing by the responsible party or of a right to object to this processing (6) The existence of a right to appeal to a supervisory authority (7) If personal data are not collected from the person concerned, all available information about the origin of the data (8) The existence of an automated decision-making including profiling according to Sections 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the involved logic as well as the scope and the pursued effects that such a processing has on the affected person. You have the right to request information whether the personal data affecting you are transmitted to a third country or an international organisation. In this context, you can request information about the suitable guarantees in connection with the transmission in accordance with Section 46 GDPR. Right to correction You have the right towards the responsible party to a correction and/or completion if the processed personal data concerning you are incorrect or incomplete. The responsible party has to carry out the correction immediately. Right to a restricted processing You can have the processing of your personal data restricted under the following conditions: (1) If you dispute the correctness of the personal data affecting you for a period of time that will allow the responsible party to check the correctness of the personal data (2) If the processing is unlawful and you rejected to the deletion of the personal data and instead have requested to restrict the use of the personal data (3) If the responsible party no longer requires the personal data for processing but requires the data for asserting, executing or defending legal claims or (4) If you have filed an objection against the processing according to Section 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons provided by the responsible party outweigh your reasons. If the processing of the personal data concerning you has been restricted, these data – apart from their storage – may be processed only with your consent or for asserting, exercising or defending legal claims or for protecting the rights of another individual or legal body for reasons of an important public interest of the Union or a member state. If the restriction of the processing has been curtailed according to the above mentioned conditions, you will be informed by the responsible party before the restriction is lifted. Right to delete a.) Obligation to delete You have the right to ask the responsible party to immediately delete the personal data concerning you and the responsible party is obligated to immediately delete the personal data if the following reasons apply: (1) The personal data concerning you are no longer necessary for the purposes for which they have been collected or processed in other ways. (2) You rescind your agreement on which the processing is based according to Section 6 Para. 1 lit. a or Section 9 Para. 2 lit. a DSGVO and there is no other legal basis for the processing. (3) You object to the processing according to Section 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing or you appeal against the processing in accordance with Section 21 Para. 2 GDPR. (4) The personal data concerning you were unlawfully processed. (5) The deletion of the personal data concerning you is required in order to comply with a legal obligation according to EU law or the law of the member states that the responsible party subject to. (6) The personal data concerning you were collected in regard to services of the information society in accordance with Section 8 Para. 1 GDPR. Information disclosed to third parties If the responsible party has made public the personal data and we are obligated to delete them according to Section 17 Para. 1 GDPR, the responsible party will then take appropriate measures considering the available technology and the costs for the implementation, also of a technical kind, in order to inform the persons responsible for the data processing of your personal data that you have requested the deletion of all links to these personal data or copies or replications of these personal data. Exceptions: The right to delete does not exist if the processing is required (1) for exercising the right to freedom of expression and information; (2) for complying with a legal obligation that requires the processing according to the law of the Union or the member states that the responsible party is subject to or for performing a task that is in the public interest or is done to exercise public authority that was assigned to the responsible party; (3) for reasons of public interest in the area of public health according to Section 9 Para. 2 lit. h and i as well as Section 9 Para. 3 GDPR; (4) for archiving purposes in the public interest, research or historical research purposes or for statistical purposes according to Section 89 Para. 1 GDPR, if the right named under section a) will likely make the realisation of the goals of this processing impossible or seriously affect them or (5) for asserting, exercising or defending legal claims. Right to information If you have asserted the right to correct delete or restrict the processing, the responsible party is obligated to inform all recipients to whom your personal data have been disclosed about the correction or deletion of the data or the restriction of the processing unless it turns out to be impossible or requires unreasonable effort. You have the right that the responsible party will inform you about these recipients. Right to data portability You have the right to receive your personal data that you provided to the responsible party in a structured, common and machine-readable format. You also have the right to transmit these data to another responsible person without any interference by the responsible party to which you have provided the personal data if (1) the processing is based on consent according to Section 6 Para. 1 lit. a GDPR or Section 9 Para. 2 lit. a GDPR or a contract according to Section 6 Para.  1 lit. b GDPR and (2) the processing is carried out using automated processes. When exercising this right, you have also the right to effect that your personal data are transmitted directly from a responsible party to another responsible party if this is technically feasible. The freedoms and rights of other persons may not be affected by this. The right to data portability does not apply to the processing of personal data required for performing a task in the public interest or for exercising public authority that was assigned to the responsible party. Right of objection You have the right - for reasons arising from your special situation - to object to the processing of your personal data based on Section 6 Para. 1 Letters e or f GDPR. this also applies to profiling based on these provisions. The responsible party will no longer process the personal data unless it can prove compelling processing reasons worthy of protection, which outweigh your interests, rights and freedoms or the processing is used to assert, exercise or defend legal claims. If the personal data is processed for direct advertising, you will have the right to object at any time against the processing of your personal data for the purpose of such advertisement. this also applies to the profiling if it is connected with such direct advertising. If you object to the processing for direct advertising purposes, the personal data concerning you will then no longer be processed for these purposes. Irrespective of the Directive 2002/58/EC, you have in connection with the use of services of the information society the option to exercise your right to object using automated processes for which technical specifications are used. Right to withdraw the declaration of consent under privacy law You have the right to withdraw your declaration of consent under privacy law at any time. The withdrawal of consent does not affect the legality of the processing that took place before the withdrawal. Automated decisions in individual cases including profiling You have the right not to be subjected to a decision based exclusively on an automated processing – including profiling – which will have a legal effect against you or significantly affect you in a similar way. This does not apply if the decision (1) is required for the conclusion or performance of a contract between you and the responsible party (2) is admissible based on legal provisions of the Union or its member states that the responsible party is subject to and if these legal provisions include reasonable measures to protect your rights and freedoms as well as your legitimate interests or (3) is made with your express consent. However, these decisions may not be based on special categories of personal data according to Section 9 Para. 1 GDPR, unless Section 9 Para. 2 lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests. In regard to the cases named in (1) and (3), the responsible party will take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person of the responsible party, to state his or her own position and to challenge the decision.. Right to appeal to a supervisory authority Irrespective of another administrative or legal remedy, you have the right to appeal to a supervisory authority, especially in the member state of your residence, your place of employment or the location of the alleged violation if you believe that the processing of the personal data violates the GDPR. The regulatory authority to whom the appeal was submitted informs the complainant about the status and the results of the appeal including the possibility of a legal remedy according to Section 78 GDPR.     </li> </ol>