Privacy Policy - SPACEnAI

I. CONTROLLER

The controller within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) is:

SPACEnAI
Heinrich Strasse 22
64283 Darmstadt

Telephone: +49 (0) 6151 3651249
E-Mail: md.bayzidul.islam@gmail.com
Internet: www.spacenai.com

II. GENERAL INFORMATION ON DATA PROCESSING

In principle, the processing of personal data only takes place to the extent necessary to provide a functional website including content and services. Processing is regularly carried out only with the consent of the data subject. Exceptionally, processing takes place without the consent of the data subject if this is not possible for factual reasons and the processing of the data is permitted by law.

Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data, insofar as the consent of the data subject has been obtained for the processing of personal data.

Art. 6 para. 1 lit.b GDPR serves as the legal basis for the processing of personal data, insofar as this is necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Art. 6 para. 1 lit.c GDPR serves as the legal basis for the processing of personal data insofar as the processing of personal data is necessary to fulfil a legal obligation to which the company is subject.

Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing of personal data, insofar as this is necessary for the processing to safeguard a legitimate interest of the medical practice or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest.

The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by relevant national or European regulations. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

III. USE OF THE WEBSITE

(1) Each time the website is accessed, the system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the website
Access status (HTTP status)
amount of data transferred
Web browser
Language and version of the browser
Operating system
Website from which you came to the website

The data is stored in the log files of the system. A storage of this data together with other personal data of the user does not take place.

(2) The legal basis for this is Article 6 (1) (f) GDPR.

(3) The collection and temporary storage of the IP address is necessary to enable the display of the website on your device. For this purpose, your IP address must be stored for the duration of your visit to the website. An evaluation of this data for marketing purposes does not take place.

(4) The data will be deleted when the respective session has ended. If this data is stored in log files, this is the case after nine days at the latest. A further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

(5) The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the provision of the website. Consequently, there is no possibility of objection.

IV. USE OF COOKIES

(1) The website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies cannot transmit viruses to the end device or execute programs themselves.

Cookies are used to make a website more user-friendly. Some elements of the website require that the calling browser can be identified even after a page change.

Transient cookies are automatically deleted when the session is closed. These include, among other things, session cookies, which store the so-called session ID, on the basis of which various requests from the web browser can be assigned to the joint session. This makes it possible to recognize the end device when a new session is held.

Persistent cookies are automatically deleted after a specified storage period, which may vary depending on the cookie. The corresponding settings can be deleted at any time in the settings of the web browser.

The following data is stored in the cookies:

Log-in information
Language
entered search terms
Number of views of the website
Use of individual functions of the website

(2) The legal basis for this is Art. 6 para. 1 lit. f GDPR.

(3) The purpose of the use of technically necessary cookies is to simplify the use of websites for users. Some functions of the website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

The user data collected by technically necessary cookies are not used to create user profiles.

(4) Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

V. GOOGLE ANALYTICS

(1) On our website, we use “Google Analytics”, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as: “Google”). Google uses cookies, i.e. small text files that are stored on your device and that enable an analysis of your use of our website. The information generated by the cookie about the use of our website is usually transmitted to a Google server in the USA and stored there. If anonymization of the IP address to be transmitted by the cookie is activated on the website by the extension “anonymize” (hereinafter referred to as: “IP anonymization”), your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information to evaluate your use of our website on our behalf, to compile reports on website activity and to provide us with other services related to website activity and internet usage. Pseudonymous user profiles can be created from the processed data. The IP address transmitted when using Google Analytics will not be merged with other Google data.

We only use Google Analytics with the activated IP anonymization described above. This means that your IP address will only be processed by Google in abbreviated form. A personal reference can thus be excluded.

(2) The legal basis for the processing is the legitimate interest in the analysis, optimisation and economic operation of the website within the meaning of Art. 6 para. 1 lit. f. GDPR.

(3) We use Google Analytics for the purpose of analyzing the use of our website and continuously improving individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the above data by Google.

(4) You can prevent the storage of cookies generated by Google Analytics by making appropriate settings on your web browser. In this respect, we would like to point out that in this case you may not be able to use all the functions of our website. If you want to prevent the collection of the data generated by the cookie and related to your user behavior (including your IP address) and the processing of this data by Google, you can download and install the web browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

In order to oblige Google to process the transmitted data only in accordance with our instructions and to comply with the applicable data protection regulations, we have concluded an order processing contract with Google. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has certified itself. As a result, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information on Google’s use of data, on setting and objection options as well as on data protection can be found on the following Google websites:

Terms of Use: http://www.google.com/analytics/terms/de.html
Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html
Privacy Policy: http://www.google.de/intl/de/policies/privacy
Google’s use of data when you use our partners’ websites or apps: https://www.google.com/intl/de/policies/privacy/partners
Use of data for advertising purposes: http://www.google.com/policies/technologies/ads
Settings for personalized advertising by Google: http://www.google.de/settings/ads

VI. REGISTRATION

(1) The website offers users the opportunity to register by providing personal data. The data is entered, transmitted and stored in an input mask. The data will not be passed on to third parties. The following data is collected as part of the registration process:

In addition, the following data is collected during registration:

IP address of the calling computer
Date and time of registration
E-mail address

As part of the registration process, the user’s consent to the processing of this data is obtained with reference to the privacy policy.

(2) The legal basis for this is Art. 6 para. 1 lit. a GDPR if the user has given his consent. If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit.b GDPR.

(3) A registration of the user is required in order to set up a customer account. It thus serves to identify the user and to fulfil the contract of use for the service.

(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for those during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.

(5) Data subjects have the possibility at any time to modify user data in their user profile under the item “Data and settings > My company”. Insofar as the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible unless contractual or legal obligations prevent deletion.

VII. USE OF THE SERVICE

(1) In order to use the services of SPACEnAI, we process inventory data (e.B., names and addresses as well as contact data of users, user names of the authorized users), contract data (e.B. services used, names of contact persons, payment information) as well as the IP address and the time of the respective user action as well as the user ID and the URLs accessed. This data is stored in the log files of our system. In addition, the data of third parties entered by the user will be processed.

(2) The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent. Consent is obtained upon conclusion of the contract.

The additional legal basis for the processing is Art. 6 para. 1 lit.b GDPR, since the processing of the aforementioned data serves to fulfill a contract to which the user is a party or the implementation of pre-contractual measures.

Furthermore, the processing to improve our services takes place in the interest of the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR

(3) Purpose of processing

of the inventory data (e.B., names and addresses as well as contact data of users) and contract data (e.B., services used, names of contact persons, payment information) are the execution of the contract as well as billing purposes.
of user names and the entries of the respective users in order to ensure the access authorization of the service.
The IP address, the time of the respective user action as well as the URLs accessed are used to optimize our services and the continuous improvement of the user experience.
of the data of third parties entered by the user is the execution of the contract and the provision of the contractually promised services.

(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

This is the case for the data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations (in particular tax retention periods).

(5) Data subjects modify or delete the stored data at any time.

If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible unless contractual or legal obligations prevent deletion. In particular, the notice periods of existing contracts remain unaffected by this.

VIII. CONTACT FORM AND E-MAIL CONTACT

(1) The website contains a contact form, which can be used for electronic contact. When used, the data entered in the input mask is transmitted to the website and stored there. These data are:

Name
E-mail address
Content of the contact
IP address of the calling computer
Date and time of contact

In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the request.

(2) The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR.

If the e-mail contact is aimed at the conclusion or performance of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit.b GDPR.

(3) The processing of personal data from the input mask serves solely to process the contact. If contacted by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of the information technology systems.

(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the data subject has ended. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

(5) The data subject has the possibility to revoke his or her consent to the processing of personal data at any time. When contacting us by e-mail, the storage of personal data can be objected to at any time by e-mail or contact form. In such a case, however, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

IX. FACEBOOK CONNECT

On our website we use “Facebook Connect”, a service of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as: “Facebook”). Facebook Connect makes it easier to register for services on the Internet. Instead of using a registration mask on our website, you can enter your login data for Facebook and then use our offer. By using “Facebook Connect”, your web browser automatically establishes a direct connection to the Facebook server. To register, you will be redirected to the Facebook page. There you can log in with your usage data. This will link your Facebook user account to our service. We have no influence on the scope and further use of data collected by Facebook through the use of Facebook Connect. To the best of our knowledge, Facebook receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, there is a possibility that Facebook will find out and store your IP address and, if applicable, other identification features.

We use Facebook Connect to make the registration and login process easier for you and to shorten it. This is also our legitimate interest in the processing of the above data.

You can prevent the processing of the above information by Facebook by using our registration mask and not using Facebook Connect.

In addition, Facebook has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has certified itself. As a result, Facebook undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Third-party information: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information from the third-party provider on data protection can be found on the following Facebook website: https://www.facebook.com/about/privacy

XI. FACEBOOK IMPRESSIONS

On our website, we use “Facebook Impressions”, a service of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as: “Facebook”). Facebook Impressions stores and processes information about your user behavior on our website. Facebook Impressions uses, among other things, cookies, i.e. small text files that are stored locally in the cache of your web browser on your device and that enable an analysis of your use of our website.

We use Facebook Impressions for marketing and optimization purposes, in particular to analyze the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in processing the above information.

We would like to point out that this setting will be deleted if you delete your cookies. You can object to the collection and forwarding of personal data or prevent the processing of this data by deactivating the execution of Java Script in your browser. In addition, you can prevent the execution of Java Script code altogether by installing a Java Script blocker (e.B. https://noscript.net/ or https://www.ghostery.com ). We would like to point out that in this case you may not be able to use all the functions of our website to their full extent.

XII. FACEBOOK PIXEL

Our website uses the visitor action pixel of Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) for conversion measurement.

In this way, the behavior of site visitors can be tracked after they have been redirected to the provider’s website by clicking on a Facebook advertisement. In this way, the effectiveness of Facebook ads can be evaluated for statistical and market research purposes and future advertising measures can be optimized.

The data collected is anonymous to us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of Facebook pixels is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. In Facebook’s privacy policy you will find further information on the protection of your privacy: https://de-de.facebook.com/about/privacy/.

You can also disable the Custom Audiences remarketing feature in the Ads Settings section of https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

XIII. COOKIE CONSENT

On our website we use “Cookie Consent”, a service of Silktide Ltd., Brunel Parkway, Pride Park, Derby, DE24 8HR, United Kingdom (hereinafter referred to as: “Silktide”). Cookie Consent stores and processes information about your user behavior on our website. Cookie Consent uses, among other things, cookies, i.e. small text files that are stored locally in the cache of your web browser on your device and that enable an analysis of your use of our website.

We use cookie consent for marketing and optimization purposes, in particular to analyze the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in processing the above information.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You can object to the collection and forwarding of personal data or prevent the processing of this data by deactivating the execution of Java Script in your browser. In addition, you can prevent the execution of Java Script code altogether by installing a Java Script blocker (e.B. https://noscript.net/ or https://www.ghostery.com ). We would like to point out that in this case you may not be able to use all the functions of our website to their full extent.

Third-party information: Silktide Ltd., Brunel Parkway, Pride Park, Derby, DE24 8HR, United Kingdom. Further information from the third-party provider on data protection can be found on the following website: https://silktide.com/privacy-policy/

XIV. ENCRYPTED DATA TRANSMISSION

As soon as you log in (“login“) or contact us, all data is transmitted via SSL technology via an encrypted connection. The required SSL certificate installed on the server was issued by an independent organization.

You can recognize an encrypted connection by the fact that the address line of the browser changes from http:// to https:// (in progress)

As soon as the encrypted SSL/TSL connection is established, your entries that you transmit to the shop can no longer be read by third parties.

XV. RIGHTS OF THE DATA SUBJECT

If personal data is processed by , the users are “data subjects” within the meaning of the GDPR and have the following rights vis-à-vis the controller:

1. RIGHT TO INFORMATION

The data subject may request confirmation from the controller as to whether personal data are being processed.

If such processing exists, the controller may be requested to provide information on the following information:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data processed;

(3) the recipients or categories of recipients to whom such personal data have been or will be disclosed;

(4) the planned duration of the storage of the personal data or, if specific information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of personal data, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the origin of the data, where the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

There is the right to request information as to whether the personal data is transferred to a third country or to an international organisation. In this context, it may be requested to be informed about the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

2. RIGHT TO RECTIFICATION

There is a right to rectification and/or completion vis-à-vis the controller if the personal data processed is incorrect or incomplete. The controller must make the correction without delay.

3. RIGHT TO RESTRICTION OF PROCESSING

The restriction of the processing of personal data may be requested under the following conditions:

(1) if you contest the accuracy of the personal data for a period of time that allows the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and the erasure of the personal data is refused and instead the restriction of the use of the personal data is requested;

(3) the controller no longer needs the personal data for the purposes of the processing, but these are required for the establishment, exercise or defence of legal claims, or

(4) if an objection has been lodged against the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether the legitimate grounds of the controller override the reasons of the data subject.

Where the processing of personal data has been restricted, such data may only be processed, with the exception of their storage, with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, the data subject will be informed by the controller before the restriction is lifted.

4. RIGHT TO ERASURE

There is a right from the controller to request that the personal data be deleted without undue delay and the controller is obliged to delete this data without undue delay if one of the following reasons applies:

(1) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) The consent on which the processing was based in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR is revoked and there is no other legal basis for the processing.

(3) In accordance with Article 21 (1) GDPR, an objection is lodged against the processing and there are no overriding legitimate grounds for the processing, or an objection is lodged against the processing in accordance with Article 21 (2) GDPR.

(4) The personal data have been unlawfully processed.

5. The erasure of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) The personal data have been collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

Where the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase them, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that data subjects have requested the erasure by them of any links to, or by have requested copies or replications of this personal data.

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or

(5) to assert, exercise or defend legal claims.

Obligation to delete
Information to third parties
Exceptions

5. RIGHT TO INFORMATION

If the right to rectification, erasure or restriction of processing has been asserted against the controller, the controller is obliged to inform all recipients to whom the personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

The controller has the right to be informed about these recipients.

6. RIGHT TO DATA PORTABILITY

There is the right to receive the personal data provided to the Controller in a structured, commonly used and machine-readable format. In addition, there is the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that:

(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit.b GDPR and

(2) the processing is carried out by automated means.

In exercising this right, there is also the right to have the personal data transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. RIGHT TO OBJECT

There is the right, on grounds relating to the particular situation of the data subject, to object at any time to the processing of personal data based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If the personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising.

If the processing for direct marketing purposes has been objected to, the personal data will no longer be processed for these purposes.

It is possible, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise the right to object by automated means using technical specifications.

8. RIGHT TO REVOKE THE DECLARATION OF CONSENT UNDER DATA PROTECTION LAW

There is the right to revoke the declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES, INCLUDING PROFILIN

There is the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects him or her. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between the data subject and the controller,

(2) is permitted by Union or Member State law to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or

(3) with the express consent of the data subject.

However, these decisions may not be based on special categories of personal data pursuant to Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

10. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the Member State of the data subject’s habitual residence, place of work or place of the alleged infringement, exists if there is a view that the processing of personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.