Data protection

Note on data processing

In all respects of data processing (e.g. collection, processing, transmission) we act in accordance with the respective legal regulations. The following explanation gives you an overview particularly with regard to the kind of data collected and in which way they are used and transmitted, which security measures are taken and which rights are available to you as the data subject.

I. Controller in charge of the processing of personal data

The person in charge of the data processing according to the data protection regulation is:

Zentralgenossenschaft des europäischen Fleischergewerbes eG
Grüne Straße 40-42
60316 Frankfurt am Main
Tel. +49 69 4077-0
Fax +49 69 4077-290
E-mail: gilde@zentrag.de

II. Data protection officer

Contact info of the data protection officer:

Zentralgenossenschaft des europäischen Fleischergewerbes eG
Grüne Straße 40-42
60316 Frankfurt am Main
Tel.: +49 6404 6580-351
E-mail: datenschutz@zentrag.de

III. General information on data processing

1. Extent of personal data processing

We process personal data of our users in principal only when this is necessary to ensure functioning of our website and its contents and our services. Personal data of our users are only processed on the basis of the consent of the user with exceptions in case that it is not possible to obtain the prior consent for factual reasons and the processing of the data is lawful by legal rules.

2. Legitimate basis for personal data processing

The legitimate basis for our processing of personal data with the consent of the data subject is Art. 6 (1) lit. a EU-General Data Protection Regulation (GDPR). The legitimate basis for processing of personal data necessary for the performance of a contract to which the data subject is party is Art. 6 (1) lit. b GDPR. This is also true for processing in order to take steps at the request of the data subject prior to entering into a contract. If personal data processing is necessary for compliance with a legal obligation to which our company is subject the legitimate basis is Art. 6 (1) lit. c GDPR e. If personal data processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject the legitimate basis is Art. 6 (1) lit. f GDPR.

3. Data erasure and storage duration

The personal data of the data subject concerned are erased or made unavailable as soon as the purpose for the storage ceases to exist. Personal data may be stored for longer periods insofar as this is required by the European or national legislator in federal regulations, laws or other legal acts to which the controller is subject. The data are also erased or made unavailable if a storage period required by the standards referred to expires unless a requirement for further storing is necessary to enter into a contract or to fulfil a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Every time a user visits our website our system will automatically collect data and information from the user’s computer.

Following data are thus collected:

• Your IP-address (partly anonymised, i.e. without the last block of numbers (e.g. 192.168.100.xxx)
• URL of the accessed pages
• Your browser type
• Your operating system
• Date and time of your access
• The functions used on the web page

The data are also stored in the log files of our system. This does not concern the IP-address of the user or other data which might identify the user. This kind of data are not stored together with personal data of the user.

2. Legitimate basis for data processing

The legitimate basis for the temporary data and log files storage is Art. 6 (1) lit. f GDPR.

3. Purpose of the data processing

The temporary storage of the IP-address by the system is necessary to deliver the webpage to the computer of the user. Therefor the IP-address of the user must be stored for the duration of the session.

The storage in log files is done in order to ensure the functioning of the web site. The data are also used to optimize the web site and to ensure the security of our IT systems. No data analysis for marketing purposes takes place in this context.

These purposes constitute our legitimate interest in data processing as per Art. 6 (1) lit. f GDPR.

4. Storage duration

The data are erased as soon as they are not necessary any more for the purpose of their collection. For data recording in order to deliver the web site this is the case when the respective session is finished.

For data recording in log files this is the case after seven days at the latest. Further storage is possible. In this case the IP-addresses of the users are erased or alienated so that the user can no more be identified.

5. Right to object and disposal options

The data recording in order to deliver the web site and the storage of the data in log files is compelling for the functioning of the web site. Thus, there is no possibility to object for the user.

V. Utilisation of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files, which are downloaded to the internet browser and then stored from the internet browser to the computer system of the user. When a user accesses a website, cookies can be stored on his operating system. This cookie contains a certain sign sequence which permits an identification of the browser when accessing the web site again.

We use cookies to make our site user friendly. Some elements on our web page necessitate that the accessing browser can be identified even after changing to another web page.

We also use cookies on our web site which enable us to analyse the navigation of the user.

When using cookies data (e.g.log-in information, language choice, etc.) are stored and transmitted.

The data thus collected are pseudonymized by technical means. The user can therefore not be identified any more. The data are not stored together with other personal data of the data subject.
When accessing our web site, the users are informed by an info banner on utilisation of cookies for analysing purposes and reference is made to this data protection policy. We also mention in this context that the storage of cookies can be blocked in the browser settings.

2. Legitimate basis for data processing

The Legitimate basis for personal data processing when using Cookies is Art. 6 (1) lit. f GDPR.

The Legitimate basis for personal data processing when using cookies for analysing purposes with the consent of the data subject is Art. 6 (1) lit. a GDPR.

3. Purpose of the data processing

The purpose of the utilisation of technically necessary cookies is to make the navigation on the web site easier for the user (e.g. remembering key words). Some features of our web site cannot be used without enabling cookies. For these it is necessary that the accessing browser can be identified even after changing to another web page.

The user data collected by technically necessary cookies are not used to build user profiles.

The purpose of using analyse cookies is to upgrade the quality of our web site and its contents. Analyse cookies inform us on how the web site is used and this enables us to continually ameliorate our offer.

These purposes constitute our legitimate interest in the personal data processing as per Art. 6 (1) lit. f GDPR.

4. Storage duration, Right to object and disposal options

Cookies are stored on the computer of the user and transmitted to our web site. You as user have the full control over utilising cookies. You can change the settings in your internet browser and thus deactivate or limit the transmission of cookies. Already stored cookies can be deleted by you at any time. This can also be done by automated means. If you choose to decline cookies, you may not be able to fully experience the features of our site.

The transmission of flash-cookies cannot be deactivated by a change in the browser settings but by a change in the settings of the flash player.

VI. Newsletter

1. Description and scope of data processing

On our web site you have the possibility to subscribe to a free newsletter. During the subscription the address that you enter into the template will be transmitted to us.

Following data are also collected:

(1) IP-address of the accessing computer
(2) date and time of registration
(3) date and time of your access

During the subscription process we ask for your consent for the data processing and reference is made to this data protection policy.

In order to send you our newsletter your e-mail address is processed by the service MailChimp of the provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You will find further information under chapter XI. 5. of this data protection policy.

2. Legitimate basis for data processing

The legitimate basis for processing of data after the data subject subscribed to the newsletter with the consent of the data subject is Art. 6 (1) lit. a GDPR.

3. Purpose of the data processing

The purpose of collecting the user’s e-mail address is to send the newsletter.

4. Storage duration

The data are erased as soon as they are not necessary any more for the purpose of their collection. The user’s e-mail address is stored as long as the newsletter subscription is active.

5. Right to object and disposal options

The newsletter subscription can be cancelled at any time by the user. the user can do this by using for example the “unsubscribe” link in each newsletter or he can send an e-mail to website@zentrag.de.

VII. Registration

1. Description and scope of data processing

The user has the possibility on our web site to register for an account by indicating personal data. The data are entered into a template and are transmitted to us and stored. They are not transmitted to third parties.

During the registration process following data are collected:

(1) Your first name and family name
(2) your e-mail address
(3) username

You may also indicate following data which is not absolutely needed for the registration but which may be helpful:

(1) your company name
(2) your postal address (street, zip code, city)
(3) your telephone numbers

You also have to choose a password; together with your e-mail address this will enable you to login easily without re-entering all the data.

2. Legitimate basis for data processing

The legitimate basis for processing of data with the consent of the data subject is Art. 6 (1) lit. a GDPR.

3. Purpose of the data processing

A user registration on our web site is necessary for accessing certain contents and services meant to be only available to members of the Zentralgenossenschaft des europäischen Fleischergewerbes eG.

4. Storage duration

The data are erased as soon as they are not necessary any more for the purpose of their collection. This is the case for the data collected during the registration process when the registration is cancelled or modified on our web page.

5. Right to object and disposal options

As a user you have the possibility to cancel your registration at any time. You can ask at any time the collected data on you to be modified.

VIII. E-mail contact

1. Description and scope of data processing

You can contact us via the e-mail addresses at your disposal. In this case the personal data of the user transmitted with the e-mail are stored. In this context the data are not transmitted to third parties. The data are used exclusively for the processing of the conversation.

2. Legitimate basis for data processing

The legitimate basis for data processing collected when sending an e-mail is Art. 6 (1) lit. f GDPR.

3. Purpose of the data processing

The processing of the personal data from the template is only used for the processing of the contact. In case of a contact by e-mail this constitutes our legitimate interest in the personal data processing.

4. Storage duration

The data are erased as soon as they are not necessary any more for the purpose of their collection. For the personal data received by e-mail this is the case when the conversation with the user is finished. The conversation is considered finished wen the circumstances indicate that the matter at hand is conclusively resolved.

5. Right to object and disposal options

The user has the possibility at all times to withdraw his consent to the processing of personal data. When a user contacts us by e-mail he can object to the storage at any time. In such a case the conversation cannot be continued. For the withdrawal of consent the user can for example send an e-mail to website@zentrag.de. All personal data stored during the contact are in this case erased.

IX. Catalogue order

1. Description and scope of data processing
On our web site is a form which can be used to order catalogues. When a user takes this opportunity, the data entered into the template are transmitted to us and stored. These data are:

(1) title
(2) first name and family name
(3) company name
(4) postal address (street, zip code, city, country)
(5) e-mail address

During the catalogue ordering process, we ask for your consent for the data processing and reference is made to this data protection policy.

The data are used exclusively for the processing of the catalogue order.

2. Legitimate basis for data processing

The legitimate basis for processing of personal data with the consent of the data subject is Art. 6 (1) lit. a GDPR.

3. Purpose of the data processing

The processing of the personal data from the template is only used for the processing of the catalogue order.

4. Storage duration

The data are erased as soon as they are not necessary any more for the purpose of their collection. For the personal data from the template of the order form this is the case when the catalogue has been dispatched.

5. Right to object and disposal options

The user has the possibility at all times to withdraw his consent to the processing of the personal data with future effect.

X. Photo and film footage

1. Description and scope of data processing

During our events we regularly make films and take pictures. It is possible that you might be recognisable and identifiable on that footage as a participant in our events.
We use these photos and films in press releases, invitations, newspapers, trade journals, brochures, newsletters, social media channels and on our web sites for company and product presentation purposes.

2. Legitimate basis for data processing

The legitimate basis for the data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest as organiser resides in the documentation of the held events and to present them to third parties in the interest of our company and of our products.

3. Storage duration

The data are erased as soon as they are not necessary any more for the purpose of their collection.

XI. Transmission/Collection of data to/by third parties

1. Transmission for contract handling

Forwarding or any other transmission of your personal data to third parties occurs only when the transmission is necessary for compliance with our cooperative obligations or if you have expressly given your consent. The service providers contracted for the above-mentioned purposes are given only the information required to fulfil their specific task. No other utilisation of the information is permitted.

Contracted service providers and therefor possible recipients of the data are:

– Logistic and shipping providers
– Providers of financial and accounting services
– External warehousing contractors
– Digital agencies
– Credit assessment and collection service providers

We point out that, we are, by order of the competent authority, entitled to furnish particulars about data, provided that this is required to carry out prosecution proceedings, to enable the police forces of the German federal states to prevent crimes, to fulfil the statutory tasks of the constitution protection authorities of the German federal government, the German federal states, the Federal Intelligence Services or Military Intelligence, or to enforce intellectual property rights. Data are only transmitted within the framework of mandatory national legislation.

2. Utilisation of Google Analytics

This web site uses Google Analytics, a web analytics service by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so called „ cookies “, text files that are stored on your computer and which permit an analysis of your use of our web site. The information generated by the cookie about your use of our site (including your IP address) will be transmitted to and stored by Google on their servers in the USA.
Activating the ip anonymisation on this web page your IP address will be previously truncated by Google within the member states of the European Union or in other contracting States to the Agreement on the European Economic Area. Only in exceptional cases the ip address is sent in full length to a google server in the United States and will be truncated there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. The data sent by us interlinked with cookies, user identification (e.g. user-id) or advertising ids are deleted automatically after 14 months. At the end of their storage period the data are automatically deleted once a month. You may block the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

The European commission and the US government have signed the „Privacy Shield “agreement on data protection. The European commission has consequently established that the data privacy protection within the framework of Privacy Shield is adequate in the United States. Google LLC is certified under the Privacy shield and commits to complying with the EU data protection requirements.

To learn more about the purpose and extent of data collection, processing and the use of this data by Google Analytics and about your rights and setting options for the protection of your privacy, please refer to the data protection information of Google Analytics:

https://support.google.com/analytics/topic/2919631?hl=de&ref_topic=1008008

You have the right to object to the collection of usage data by Google Analytics. Google offers the possibility to install a deactivation add-on on your browser under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de

Alternatively, you have the possibility to object to the collection of user data by Google Analytics by clicking on the following link. An opt-out cookie will be installed, which will prevent future acquisition of your data when you visit this website: click here to deactivate Google Analytics

3. Use of Social Plugins (Facebook)

a)
This site uses so called social plugins permitting direct interaction with the well-known social media platform Facebook.

b)
The Facebook plug-ins, especially the „recommend “- button is operated by Facebook Inc., 1601 WILLOW ROAD, MENLO PARK, CA 94025, US („Facebook “). The plug-ins are identified by one of the Facebook logos. The list and the look of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins.

If you call up one of our internet website pages which have a plugin of this kind, your browser sets up a direct link to the Facebook servers. The content of the plugin is passed by Facebook direct to your browser and integrated by it into the website.

Through integration of the plugin, Facebook obtains the information that you have called up the relevant page on our internet site, even if you do not have a Facebook-account or you are not logged in at the moment. The information (including your IP address) will be transmitted to and stored by Facebook on servers in the United States.

If you are logged on to Facebook, Facebook can allocate the visit to your Facebook account. If you interact with the plugin, by using the “recommend-Button”, for example, or by posting a commentary, the information will be given direct to Facebook by your browser and stored there. The information will be published on Facebook and displayed to your Facebook-friends.

Facebook may use this information for purposes of advertising, market research and personalized design of Facebook pages. For this purpose, Facebook creates profiles regarding usage, interests and relationships, e.g. to evaluate your use of our web site with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our web site and to provide further related services with the use of Facebook.

The European commission and the US government have signed the „Privacy Shield “agreement on data protection. The European commission has consequently established that the data privacy protection within the framework of Privacy Shield is adequate in the United States. Facebook Inc. is certified under the Privacy shield and commits to complying with the EU data protection requirements.

If you do not want Facebook to allocate the collected data via our web site to your Facebook account, you must log out of Facebook before you visit our web site.
To learn more about the purpose and extent of data collection, processing and the use of this data by Facebook and about your rights and setting options for the protection of your privacy, please refer to the data protection information of Facebook:

4. Use of Google Maps

This website uses Google Maps, a map service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you use Google Maps (e.g. address entry, route planning or location display) Google Maps collects and processes the data entered and may use various sources in order to pinpoint your current position.

The European commission and the US government have signed the „Privacy Shield “agreement on data protection. The European commission has consequently established that the data privacy protection within the framework of Privacy Shield is adequate in the United States. Google LLC is certified under the Privacy shield and commits to complying with the EU data protection requirements.

More information pertaining to Google Maps are to be found under the following link:

https://support.google.com/maps/answer/3093609?hl=de&authuser=0&p=newmaps_mylocation&rd=1

Terms of use for Google Maps are to be found under the following link:

https://www.google.com/intl/de_de/help/terms_maps.html

5. Newsletter-distribution by means of MailChimp

For the distribution of our newsletters your e-mail address is processed through the service MailChimp of the provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The e-mail addresses of the recipients of the newsletter are stored on the servers of MailChimp in the USA. MailChimp uses the e-mail addresses for sending and analysing the newsletter on our behalf. MailChimp uses the e-mail addresses to optimise or ameliorate its own services. The data will not be used otherwise or transmitted to third parties by MailChimp.

The European commission and the US government have signed the „Privacy Shield “agreement on data protection. The European commission has consequently established that the data privacy protection within the framework of Privacy Shield is adequate in the United States. Rocket Science Group, LLC is certified under the Privacy shield and commits to complying with the EU data protection requirements.

We have also concluded an order data processing contract with Rocket Science Group, LLC in which Rocket Science Group, LLC makes a commitment in particular to protect the data of our users and to refrain from passing it on or making it accessible to third parties.

MailChimp’s data protection regulations can be seen here:

https://mailchimp.com/legal/privacy/

6. Social Media Profiles
For presentation and communication purposes we set up user accounts for our company on the following social networks / online platforms:

– Facebook

The providers of the aforementioned networks/online platforms collect and process user data for their own purposes (market research, publicity, analysis tools for commercial customers, etc.). We do not have any knowledge or influence on the kind or scope of this data processing.

In the course of this data processing cookies are regularly used (see explanations in our data protection chart) and usage profiles are created.
The data processing takes regularly place outside the European Union, especially in the United States of America. The European commission and the US government have signed the „Privacy Shield“ agreement on data protection. The European commission has consequently established that the data privacy protection within the framework of Privacy Shield is adequate in the United States. Different providers (e.g. Facebook Inc. and Google LLC) are certified under the Privacy shield and commit to complying with the EU data protection requirements. A list of the certified companies can be viewed and searched through under the following link: https://www.privacyshield.gov/list

The legitimate basis for processing of the data is Art. 6 (1) lit. f GDPR. We have a legitimate interest to use the aforementioned networks/ online platforms for presentation and communication purposes.

To learn more about the purpose and extent of data collection, processing and the use of this data by the different providers and about your rights and setting options for the protection of your privacy, please refer to the following links:

-Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland);
data protection information: https://www.facebook.com/about/privacy/;
Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com;
Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

XII. Data security

We have taken numerous security measures to protect personal information adequately and on an appropriate scale.

Our data bases are secured by physical and technical measures and an access protection which limit the access to the information on specially authorized persons in compliance with this data privacy statement. Our information system is secured by a software firewall to prevent the access by other networks which are connected to the internet. Only personnel in need of this information to proceed a special task are granted access to individual-related data. Our personnel are trained in matters of security and data protection practice.

Personal data collected via our website are transmitted in encrypted form using the industry standard Secure Socket Layer (“SSL”) technology. Sensitive data, such as credit card information or bank account information, are even further encrypted.

For the registration of your client account or newsletter, we use the so-called double-opt-in-technique. After the registration we will send you an e-mail to confirm your contact details. The registration becomes effective only when you confirm the registration via the respective link in the e-mail.

Generated passwords are managed encrypted and not stored as „clear text“ in the system.
Never disclose your password for accessing our website to third parties and it is recommended you change your password regularly. Properly log out and close your browser whenever you leave our website in order to avoid unauthorized parties obtaining access to your user account.

Complete data security cannot be guaranteed in e-mail communication.

XIII. Rights of the data subject

When personal data of you are processed you are the data subject in the sense of the GDPR and you have the following rights vis-à-vis the controller:

1. Right of access to personal data

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us.

If that is the case, you can ask the controller to give you access to the following information:

(1) the purposes of the personal data processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data you concerning or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to be informed whether your personal data has been transferred to a third country or to an international organisation. In this context you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to obtain from the controller rectification if the data is inaccurate and/or to have incomplete personal data completed. The controller must proceed without undue delay.

3. Right to restriction of processing

You have the right to obtain restriction of processing where one of the following applies:

(1) you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
(4) you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you obtained restriction of processing you shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Obligation to erasure

You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase your personal data without undue delay where one of the following grounds applies:

(1) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) you withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
(3) you object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2).
(4) your personal data have been unlawfully processed.
(5) your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

b) Information to third parties

Where the controller has made your personal data public and is obliged pursuant to Article 17 paragraph 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right erasure shall not apply to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.

5. Right to notification

If you have enforced the right to rectification, erasure or restriction of processing vis-à-vis the controller, he shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

The controller shall inform you about those recipients if you request it.

6. Right to data portability

You have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

(1) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) GDPR and
(2) the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.

The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to object to the declaration of consent to data processing

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This shall not apply if the decision:

(1) is necessary for entering into, or performance of, a contract between you and the data controller,
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.

These decisions shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes this GDPR Regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Supervisory authority:
The Hessian commissioner for data and freedom of information
Gustav-Stresemann-Ring 1
65189 Wiesbaden