Loader
PRIVACY NOTICE (POLICY) | eye square
25863
page-template,page-template-full_width,page-template-full_width-php,page,page-id-25863,acwp-readable-arial,bridge-core-3.1.6,,qode-title-hidden,qode-child-theme-ver-1.0,qode-theme-ver-30.4.1,qode-theme-bridge,wpb-js-composer js-comp-ver-7.6,vc_responsive

Privacy Policy

How does eye square implement the principles of privacy and data protection in practice when conducting market and social research surveys?

eye square is committed to protecting and respecting your privacy. As a global business, eye square is committed your privacy, and our obligations under the data protection laws which apply in your region (such as the General Data Protection Regulation (GDPR) or the California Consumer Protection Act (CCPA)).

The Professional Association of German Market and Social Researchers (Berufsverband Deutscher Markt- und Sozialforscher e. V.) (BVM) and the Working Group of German Market and Social Research Institutes (Arbeitskreis deutscher Markt- und Sozialforschungsinstitute e.V. (ADM) have joined forces with the Association of Social Science Institutes (Arbeitsgemeinschaft Sozialwissenschaftlicher Institute e. V.) (ASI), and the German Society for Online Research (Deutsche Gesellschaft für Online-Forschung e. V.) (DGOF) to issue guidelines that define our activities and which we consider to be mandatory for our work. They set out how the requirements of privacy and data protection should be translated into the practice of market and social research.

The professional standards include e.g. the ICC/ESOMAR “International Code on Market and Social Research” referred to in short as the ESOMAR code, and the ESOMAR guidelines issued by ESOMAR for various areas of market and social research. For details, please refer e.g. to:

 

https://esomar.org/uploads/attachments/ckqtawvjq00uukdtrhst5sk9u-iccesomar-international-code-english.pdf

 

The above-mentioned German institutes and professional associations have also issued a “Declaration for the territory of the Federal Republic of Germany concerning the ICC/ESOMAR International Code of Market and Social Research” which modifies some of the provisions of the ESOMAR Code.

 

https://www.adm-ev.de/en/standards-guidelines/

 

Read our testing software specific privacy policies here: https://www.eye-square.com/en/software-privacy-policy/

Privacy Policy in Accordance with GDPR

I. Name and Address of the Data Controller

 

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States of the EU as well as other data protection like the California Consumer Protection Act (CCPA) provisions is:

 

eye square GmbH
Schlesische Strasse 29-30
10997 Berlin
Germany
Tel.: +4930698144-0
Email: dataprotection@eye-eye-square.com
Website: www.eye-square.com

 


II. Name and Address of the Data Protection Officer

 

The data protection officer of the data controller is:

Lena Ludwig
PSW GROUP Consulting GmbH & Co. KG
Flemingstr. 20-22 . 36041 Fulda . Hessen . Germany
Tel.: +49(0)661/480276-24
Email: ll@psw.net
Website: www.psw.net

 


III. General Information about Data Processing

 

1. Scope of Processing of Personal Data

 

In principle, we only process personal data of our users to the extent necessary to offer a working website and our content and services. We only routinely process personal data of our users with the user’s consent. This does not apply to cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by law.

 

2. Legal Basis for the Processing of Personal Data

 

The legal basis for data processing where we have obtained consent from the data subject is Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) or the law which applies in you region (such as CCPA).

 

Where the processing is necessary for the performance of a contract to which the data subject is a party, the legal basis will be Article 6 (1) (b) GDPR. This also applies to processing necessary to implement pre-contractual measures.

 

Where processing is necessary for compliance with a legal obligation to which our company is subject, the legal basis for processing will be Article 6 (1) (c) GDPR.

 

The legal basis for processing necessary to protect the vital interests of the data subject or of another natural person is Article 6 (1) (d) GDPR.

 

Where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for processing will be Article 6 (1) (f) GDPR.

 

3. Data Erasure and Length of Storage

 

The personal data of the data subject will be deleted or blocked as soon as the data is no longer required for the purpose for which it was originally stored. In addition, such storage may be provided for by Union or national laws, regulations or other provisions to which the controller is subject. The data will also be blocked or erased upon expiry of the storage period prescribed by the laws and regulations specified above, unless there is a need to continue storing the data for purposes of contract conclusion or performance.

 

4. Third Party Processors

 

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

 

Digital Marketing Service Providers

 

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.

 

Our appointed data processors include:

 

(i) Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.  Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.”

 


IV. Website Provisioning and Creation of LOG Files

 

1. Description and Scope of Data Processing

 

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

 

The following data is collected:

  • Information about the browser type and version used
  • User’s operating system
  • Internet service provider of the user
  • Country, date and time of access
  • Websites from which the user accessed our website
  • Websites accessed by the user’s system via our website

 

The data is also stored in the log files of our system. This does not affect the IP address of the user or other data that allows the data to be linked to any particular user. This data is not stored together with other personal data of the user.

 

2. LEGAL BASIS FOR DATA PROCESSING

 

The legal basis for temporary storage of data is Article 6 (1) (f) GDPR.

 

3. Purpose of Data Processing

 

In accordance with Article 6 (1) (f), our legitimate interest lies in the processing of data for the above purposes.

 

4. Duration of Storage

 

The data will be erased as soon as it is no longer required for the purpose for which it was originally collected. Where the data is collected for the purpose of providing the website, the data will be deleted at the end of the respective session.

 

5. Available Remedies

 

The collection of data for website provisioning and storage of data in log files is necessary for the functioning of the website. Users can disable tracking by electing to “reject” the cookie when first accessing the website.

 

6. Information on data transfer to the USA

 

Our website includes tools from companies based in the United States. If these tools are active, your personal data may be transferred to the US company servers. We would like to inform you that the United States is not a safe third country in relation to EU data protection law. American companies are obliged to release personal data to security authorities without you, as the person concerned, being able to take legal action against this. Therefore, it cannot be avoided that US authorities (e.g. secret services) may process, evaluate, and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.

 

7. Revocation of your consent due to data processing

 

Many data processing operations are only possible with your expressed consent. You can revoke any consent already given at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.

 


V. Use of Cookies

 

A) Description and Scope of Data Processing

 

Our website uses cookies. Cookies are text files that are stored in the browser or by the browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

 

We use cookies on our website that allow us to analyse the behaviour of users.

 

This can result in the transmission of the following data:

 

The following is a list of the data collected, which can include e.g.:

  • Entered search terms
  • Frequency of page views
  • Use of the website’s functions and features

 

The user data collected in this way are pseudonymised using technical measures. As a result, the data can no longer be used to identify the accessing user. The data is not stored together with users’ other personal data.

 

When users visit our website, they receive information about the use of cookies for analytical purposes and we obtain the user’s consent to the processing of personal data used in this context. Users can decline to give their consent, whereupon no cookie is set and the tracking is also prevented.

 

B) Legal Basis for Data Processing

 

The following applies where we use technically necessary and unnecessary cookies with the prior user consent:

 

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR.

 

The legal basis for the processing of personal data using cookies for analytical purposes with the prior user consent to the processing of data is Article 6 (1) (a) GDPR.

 

C) Purpose of Data Processing

 

The analysis cookies are used to improve the quality of our website and its content. The analysis cookies tell us how the website is used and enable us to constantly improve the content of our website.

 

Use of Google Analytics

 

This website uses Google Analytics, a website analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, i.e. text files that are stored on your computer and facilitate an analysis of the way you use the website. The information generated by the cookie about your use of the website will typically be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, your IP address is first abbreviated by Google in the member states of the European Union or in other countries that are signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google servers in the United States and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet use. Google will not associate your IP address transmitted by your browser with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the data generated by the cookie concerning your use of the website (including your IP address) from being collected and sent to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: (http://tools.google.com/dlpage/gaoptout?hl=de). You can prevent the collection of data by Google Analytics by clicking on the following link. This sets an opt-out cookie, which will tell the website not to collect your data when you next visit the website: disable Google Analytics.

For more information about the terms of use and data protection, please visit http://www.google.com/analytics/terms/de.html and/or https://www.google.de/intl/de/policies/. Please note that on this website Google Analytics has been extended by the code “anonymizeIp” to guarantee the anonymised collection of IP addresses (known as IP masking). In accordance with Article 6 (1) (f) GDPR, our legitimate interest lies in the processing of data for the above purposes.

 

Teleservice providers are required to notify users when they refer them to third-party service providers. When we refer (link) the user to another service provider on our website, we notify the user by opening the website of the third-party service provider in a new browser tab/window.

 

Use of Youtube Plugins (Videos)

 

On this website, we use plugins from YouTube.de/YouTube.com, which are operated by YouTube, LLC, Cherry Ave., USA and represented by Google Inc. When you visit a page on our website that contains this plugin, a connection is made to YouTube’s server, which then instructs your browser to display the plugin on that page. The plugin then transmits information to the YouTube server about the pages you have visited on our website. If you are logged in as a member at YouTube, this information will be linked to your YouTube account. If you use these plugins, e.g. by clicking on/playing a video, this information will be linked to your YouTube user account. This can only be prevented by logging out before using the plugin. For further information on the collection and use of data by the platform or plugins, please refer to YouTube’s privacy policy at the following link: http://www.google.com/intl/en/policies/privacy/.

 

Use of VIMEO

 

On this website, we use plugins from Vimeo. Vimeo is operated by Vimeo, Inc., 555 West 18th Street, New York, New York 10011. When you visit a page on our website that contains this plugin, a connection is made to Vimeo’s server, which then instructs your browser to display the plugin on that page. The plugin then transmits information to the Vimeo server about the pages you have visited on our website. If you are logged in as a member at Vimeo, this information will be linked to your YouTube account. If you use these plugins, e.g. by clicking on/playing a video, this information will be linked to your YouTube user account. This can only be prevented by logging out before using the plugin. For further information on the collection and use of data by the platform or plugins, please refer to Vimeo’s privacy policy at the following link: https://vimeo.com/privacy.

 

Use of Google Maps

 

On this website we use Google Maps to display an interactive map and a route planner. Google Maps is operated by Google Inc.,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this service, you consent to the collection, processing and use of the data automatically collected and the data you entered by Google, its representatives or third-party providers. For the Google Maps terms of use, please refer to: http://www.google.com/intl/de_en/help/terms_maps.html

 

D) Duration of Storage, Available Remedies

 

Cookies are stored on the user’s computer and transmitted to our site. This gives you as the user full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If you choose to disable cookies for our website, you may not be able to use all the functions and features of this website.

 

E) Cookies preferences

 

You can change our cookie preferences here: Change cookie preferences

 


VI. Newsletter via SendInBlue

 

Our e-mail newsletters are sent via the technical service provider Sendinblue SAS – DPO Team – 106 boulevard Haussmann, 75008 Paris, France. to whom we share the information you provide when you register for our newsletter. Brevo (formerly sendinblue) attaches particular importance to the respect for the privacy of the Users and of the confidentiality of their personal data, and is thus committed to processing the data in compliance with the applicable laws and regulations, and in particular Law No. 78-17 of 6 January 1978 relating to Information Technology, Data Files and Civil Liberties (hereafter referred to as the “Data Protection Act”), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter referred to as the “GDPR”).

 

  1. RECIPIENTS OF DATA

 

The personal data collected is intended for Brevo’s (formerly sendinblue) commercial and accounting departments. It may be transmitted to Sendinblue’s subsidiaries, or to third-party data processors which Sendinblue is authorized to use within the context of the performance of its Services.

 

In this context, personal data may be transferred to an EU or non-EU country. Brevo (formerly sendinblue) implements guarantees ensuring the protection and security of this data, in compliance with applicable rules and regulations.

 

Brevo (formerly sendinblue) does not transfer or rent personal data to third parties for marketing purposes without the express consent of the Users of Sendinblue.

 

In addition, personal data may only be disclosed to third parties for purposes other than marketing in the following cases:

  • with their authorisation;
  • at the request of the competent legal authorities, upon judicial request, or in the context of a legal dispute.

 

If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

 

  1. RIGHTS OF USERS

 

In accordance with applicable rules, the Users have the right to access and rectify their personal data, which enables them to rectify, complete, update, or delete data that is inaccurate, incomplete, ambiguous, or outdated, or whose collection, use, communication, or storage is prohibited.

 

The Users also have the right to request the limitation of the processing, and to oppose on legitimate grounds the processing of their personal data. The User may also communicate instructions on the fate of their personal data in the event of their death.

 

Where applicable, the User may request the portability of their personal data or, where the legal basis for the processing is consent, withdraw their consent at any time.

 

The Users may exercise their rights by sending an email to to dpo@brevo.com or a letter to:

 

Sendinblue SAS – DPO Team

106 boulevard Haussmann, 75008 Paris, France

 

  1. SECURITY

 

Brevo (formerly sendinblue) has taken all necessary precautions to preserve the security of personal data and, in particular, to prevent it from being accessed by unauthorized third parties, distorted, or damaged.

 

These measures include the following:

  • Multi-level firewall.
  • Proven solutions for anti-virus protection and detection of intrusion attempts.
  • Encrypted data transmission using SSL/https/VPN technology.
  • Tier 3 and PCI DSS certified data centers.

 

In addition, access to processing data on behalf of Brevo (formerly sendinblue) by the receiving third-party services requires authentication of the persons accessing the data, by means of an individual access code and password, that is sufficiently robust and regularly renewed.

 

Data transmitted over unsecured communication channels is subject to technical measures designed to make such data incomprehensible to any unauthorized person.

 

Any questions about the security of the Brevo (formerly sendinblue) website can be directed to dpo@brevo.com or to contact@sendinblue.com.

 


VII. Application and privacy of your data

 

We are pleased that you’re interested in contributing your strengths to our team. We kindly ask you to send applications only to the e-mail address below.

 

We have set up a separate mailbox for applications. You can reach this mailbox via jobs@eye-square.com. This mailbox is excluded from e-mail archiving. If you send your application to a different address, we cannot prevent it from being stored. Alternatively, you can send us your encrypted application via the application portal of our service provider Recruitee B.V., Netherlands. You can find the provider’s privacy policy here: https://recruitee.com/privacy

 

If you would like us to consider you for other vacancies in our company and keep your application for the maximum retention period of 6 months, please let us know.

 

We assume that we may also answer unencrypted application e-mails without encryption. If you do not wish this, please give us a note in your application e-mail.

 


VIII. Registration

 

1. Description and Scope of Data Processing

 

On our website, we offer users the option to register by providing personal data, e.g. to receive a document or white paper or to register for an event. The data is entered into a contact form, transmitted to us, and stored. We do not disclose this information to third parties. The following data is collected during the registration process:

At the time of registration, we also store the following types of data:

  • Contact details: name and email address
  • Date and time of registration

 

We obtain the user’s consent to processing of this data during the registration process.

 

2. Legal Basis For Data Processing

 

The legal basis for the processing of data where the user has given consent to the processing is Article 6 (1) (a) GDPR.

 

3. Purpose of Data Processing

 

The purpose of registration is not to conclude a contract with the user:

The user’s registration is necessary for the provision of certain content and services on our website.

To send users the requested information materials, e.g. white papers or to register for an event, we require at least basic contact data (name and email address).

 

4. Duration of Storage

 

The data will be erased as soon as it is no longer required for the purpose for which it was originally collected.

 

5. Available Remedies

 

As a user you have the option of cancelling the registration at any time. Or rectification of the data we store on you at any time.

 


IX. CONTACT FORM AND EMAIL ADDRESS

 

1. Description and Scope of Data Processing

 

On our website, we offer a contact form, which can be used to contact us online. Where users take advantage of this option, the data they enter into the form will be transmitted to us and stored. These data include:

 

The following is a list of data collected through the entry form

At the time of sending the message, the following data is also stored:

 

The following is a list of the relevant data.

 

  • User/company name and email address
  • Date and time of registration

 

To process the data, we obtain the consent from the user during the sending process, while referring to this privacy policy.

 

Alternatively, you can use the email address provided to contact us. In this case, the user’s personal data transmitted by email will be stored.

 

We do not pass this data on to third parties. Such data will only be used to process the communication.

 

2. Legal Basis for Data Processing

 

The legal basis for the processing of data where the user has given consent to the processing is Article 6 (1) (a) GDPR.

 

The legal basis for the processing of data transmitted when an email is sent is Article 6 (1) (f) GDPR. If the purpose of the email is to conclude a contract, then the additional basis for the processing of data will be Article 6 (1) (b) GDPR.

 

3. Purpose of Data Processing

 

We process the data entered into the contact form solely to process the communication. In the event of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

4. Duration of Storage

 

The data will be erased as soon as it is no longer required for the purpose for which it was originally collected. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when the circumstances indicate that the matter in question has been definitely resolved.

The additional personal data collected during the sending process will be deleted at the latest after seven days.

 

5. Available Remedies

 

Users are entitled to withdraw their consent to the processing of personal data at any time. Users who contact us by email can object to the storage of their personal data at any time. In this case, the parties will no longer be able to engage in further communications.

 

Below, we describe under what circumstances is it possible to withdraw consent and/or object to storage.

 

All personal data stored when communicating with us will be erased as a result.

 


X. RIGHTS OF THE DATA SUBJECT

 

Below, we provide information about the rights of data subjects under GDPR. As there is no need to mention rights that are not relevant to our website, the list can be reduced.

 

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights in relation to the data controller:

 

1. Right of Access

 

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed.

 

Where that is the case, you may request the following information from the data controller:

 

(1) the purposes of the processing of personal data;

(2) the categories of personal data processed;

(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;

(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the user or to object to such processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) where the personal data are not collected from the data subject, any available information as to their source;

(8) the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

 

You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organisation. In this regard, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

 

2. Right to Rectification

 

You have the right to have inaccurate and or incomplete personal data rectified and/or completed without undue delay.

 

3. Right to Restriction of Processing

 

You have the right to obtain from the controller restriction of processing of personal data where one of the following applies:

 

(1) you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims, or

(4) you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your interests.

 

Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with the user’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

 

If the processing has been restricted under the above conditions, you shall be notified by the controller before the restriction is lifted.

 

4. Right to Erasure

 

A) ERASURE OBLIGATION

 

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase this data without undue delay where one of the following grounds applies:

 

(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed

(2) You withdraw consent on which the processing is based according to Article 6 (1) (a), or Article 9 (2) (a) GDPR, and where there is no other legal ground for the processing.

(3) You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.

(4) The personal data have been unlawfully processed.

(5) The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(6) The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

 

B) Obligation to Inform third Parties

 

Where the controller has made the personal data public and is obliged pursuant to Article 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

 

C) Exemptions

 

The right to erasure does not apply to the extent that processing is necessary

 

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) as well as Article 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR in so far as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise or defence of legal claims.

 

5. Right to Receive Information

 

If you have exercised your rights with respect to rectification or erasure of personal data or restriction of processing, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

 

You are entitled to receive information about those recipients from the controller.

 

6. Right to Data Portability

 

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

 

(1) the processing is based on consent pursuant to Article 6 (1) (a), or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR, and

(2) the processing is carried out by automated means.

 

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. These rights shall not adversely affect the rights and freedoms of others.

 

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

7. Right to Object

 

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions.

 

The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

 

Where personal data are processed for direct marketing purposes, you will have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

 

If you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

 

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

 

8. Right to Withdraw Consent to Data Processing

 

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

9. Automated Individual Decision-Making, Including Profiling

 

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

 

(1) is necessary for entering into, or performance of, a contract between you and the data controller,

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

(3) is based on your explicit consent.

 

However, these decisions may not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless point (a) or (g) of Article 9 (2) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

 

In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

 

10. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes GDPR.

 

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Accessibility Toolbar