Data protection statement pursuant to the GDPR
Name and address of responsible party
The responsible party pursuant to art. 4 (7) of the EU General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:
GIKO Verpackungen GmbH
Römerweg 2, 6837 Weiler, Austria
T +43 5523 5908, email@example.com
Managing Director: Gerhard Lehner, Martin Giesinger
Companies Register No.: FN 284467i
Company Registry Court of Jurisdiction: Feldkirch District Court
VAT number: ATU 62975711
Responsible chamber of commerce: Vorarlberg Chamber of Commerce
Released in Austria regarding proprietary packaging under ARA license number 2550.
We utilize current technical measures to guarantee data protection, in particular for the protection of your personal data from risks of data transfer as well as from access by third parties. These are adapted pursuant to the current state of the art of technology. For security reasons and to protect the transfer of personal information and other confidential content (such as requests to the responsible party), our website uses an SSL or TLS encryption. You can recognize an encrypted connection by the characters “https://” and the lock symbol in your browser header.
General information on data processing
1. Scope of processing of personal information Contact
Personal data is collected within the framework of contact (e.g. by contact form, whitepaper, e-mail). The type of data collected in the case of a contact form can be seen on the relevant contact form. This data will only be saved and used to answer your questions or for contacting you and the associated technical administration. The legal basis for the processing of the data is our vested interest in answering your query pursuant to article 6 (1) (f) GDPR.
If your contact is regarding the conclusion of a contract, there is an additional legal basis for the processing, article 6 (1) (b) GDPR. Your data will be deleted after final processing of your query. This is the case when for certain reasons the affected question has been clarified and if no other legal storage requirements apply.
Data processing for contract conclusion
According to article 6 (1) (b) GDPR, personal data are continued to be collected and processed if you provide this for the implementation of a contract. The type of data collected can be seen on the relevant entry form. Deletion of data is always possible and can be requested through a message to the responsible party at the aforementioned address.
We store and use the data provided by you for conclusion of the contract. After completion of the contract, your data are locked in consideration of the tax and commercially required storage periods and after these deadlines expire the data is deleted if you have not expressly agreed to the further use of your data or if there is a legally permissible other use of data on our part, of which we will inform you accordingly.
Contact for direct advertising
Based on our vested interest in personal direct advertising, we reserve the right to store your first and last name, your postal address and, if we have received this additional information within the framework of the contractual relationship or via our whitepaper, you full name, your e-mail address and your occupational, industry or business name pursuant to article 6 (1) (f) GDPR, and to use these for the dispatch of interesting offers and information on our products by e-mail.
You may always object to the storage and use of your data for this purpose at any time by sending a message to the responsible party.
2. Legal reasons for the processing of personal information
To the extent that we receive consent for the processing of personal data for the affected person, article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) is the legal basis.
In the processing of personal data required for the fulfilment of a contract, for which the contractual party is the affected person, article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing procedures that are required for pre-contractual measures.
If processing of data is required for the fulfilment of a legal requirement to which our company is subject, article 6 (1) (c) GDPR is the legal basis.
In the case that essential interests of the affected person or another natural person require the processing of personal data, article 6 (1) (d) GDPR serves as the legal basis.
If the processing is required to protect a vested interest of our company or of a third party and do not outweigh the interests and basic rights and freedoms of the affected party of the first listed interest, article 6 (1) (f) GDPR is the legal basis.
3. Purpose of data processing
The processing of personal data from the input mask only serves for the processing of contact. In the event of contact by e-mail, this also includes the required vested interest in processing the data. The other personal data processed during the dispatch process serve to prevent a misuse of the contact form and to ensure the security of our information technology systems.
4. Data deletion and duration of storage
The personal data of the affected person will be deleted or locked as soon as the reason for storage no longer applies. Saving may also occur if required by European or national legislation under union law ordinances, laws or other provisions to which the responsible party are subject. Locking or deletion of the data is also done when a prescribed storage period lapses, as set forth by the standards listed, unless there is a requirement for further storage of the data for concluding a contract or fulfilment of a contract.
Provision of the website and creation of logfiles
1. Description and scope of data processing
For every visit to our website, our system collects automated data and information from the computer system of the visiting computer.
The following data are collected:
- The IP address of the user
- Date and time of access
- Websites from which the system of the user accesses our internet site
- Information on browser type and the version used
- The user operating system
- The internet service provider of the user
The data are also stored in our system in logfiles. Storage of these data together with other personal data of the user does not occur.
2. Legal foundation for data processing
The legal foundation for temporary storage of data and logfiles is article 6 (1) (f) GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the computer of the user. For this, the IP address of the user is stored until the deletion of the logfile.
The saving in logfiles is done to ensure the functionality of the website. The data also serve for the optimization of the website and to ensure the security of our informational-technical system. An analysis of the data for marketing purposes does not occur within this context.
Our vested interest in data processing pursuant to article 6 (1) (f) GDPR also lies in these purposes.
4. Duration of Storage
The data will be deleted as soon as they are no longer required to achieve the purpose of its collection. In the case of the collection of data for provision of the website, this is the case when the relevant session is ended.
In the case data is stored in logfiles, it is deleted after seven days at the latest. Storage beyond that period is possible. In this case, the IP addresses of the user are deleted or encrypted so that assignment to the visiting client is no longer possible.
5. Right of objection and removal
The collection of the data to provide the website and the storage of data in logfiles is urgently required for the operation of the internet site. As a result, there is no right to objection on the part of the user.
Information is deposited in the cookie within the context of the specific end device used. This does not mean that we receive any immediate knowledge of your identity. The data processed by cookies are required for the purposes listed to ensure our vested interests as well as those of third parties according to article 6 (1) (1) (f) GDPR.
2. Session Cookies
3. Right of objection and removal
You’ll find this for your browser under the following links:
1. Description and scope of data processing
Contact is possible via the e-mail address provided on our internet site. In this case, the personal data of the user provided in the e-mail is saved.
Within this context, there is no further forwarding of the data to third parties. The data are used exclusively for the processing of the conversation.
2. Legal foundation for data processing
The legal basis for the processing of the data if there is consent by the user is article 6 (1) (a) GDPR. The legal basis for the processing of the data transferred during the dispatch of an e-mail is article 6 (1) (f) GDPR. If the purpose of your e-mail is contact regarding the conclusion of a contract, there is an additional legal basis for the processing, article 6 (1) (b) GDPR.
3. Purpose of data processing
The processing of personal data from the contact by e-mail only serves for the processing of contact.
4. Duration of Storage
The data will be deleted as soon as they are no longer required to achieve the purpose of its collection. For personal data that are sent by e-mail, this is the case when the relevant conversation with the user is ended. The conversation is ended when it can be deduced from the circumstances that the relevant facts have been clarified.
The personal data collected during the dispatch procedure will be deleted at the latest after a deadline of seven days.
5. Right of objection and removal
The user has the right to revoke their consent to the processing of personal data at any time. If the users make contact by e-mail with us, they can always object to the storage of their personal data. In such a case, the conversation will not be continued. All personal information that is saved during contact will be deleted in this case.
Tracking Tools for Website Analysis
1. Purpose of data processing
We want to design our websites to be the best possible. So we use so-called “tracking tools” to technically improve our web offering. The tracking tools enable us to measure the use of our web offerings. The information we collect using the tracking tool includes the following:
- Which links do online users click on on other websites to get the www.giko.com?
- Which of our pages are visited, how often and in which sequence
- Which information are users searching for on our website?
- Which links or products do users of our website click on?
From this information, we can create statistics to help us understand the following questions:
• Which pages are particularly attractive to the users of our website?
• Which items interest our users most?
For this, we use in particular the automatically collected data mentioned above in the section Description and scope of data processing. The data are only saved using a pseudonym. The legal basis for this is your consent in terms of article 6 (1) (a) GDPR and article 6 (1) (f) GDPR (consideration of interests, based on our interests in adapting the website best to the interests and needs of the users).
2. Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics utilizes so-called “Cookies”, text files which are saved on your computer and which enable an analysis of your use of the website. The information created by cookies about your use of the website is usually transferred to a Google server in the USA and stored there. In the event of activation of IP anonymisation on this website, your IP address is first truncated by Google within the member states of the European Union or in other contractual states of the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operators of this website, Google will use this information to analyse your use of the website, to collate reports on the website activities and to provide other services to the website operator having to do with website use and internet use. The IP address collected from your browser within the framework of Google Analytics will not be consolidated with other Google data.
You can prevent the storage of cookies by using the appropriate browser setting. We do note, however, that in that case, you will not have access to all of the functions of this website. You can also prevent the information created by the cookie about your use of the website being sent to Google (including your IP address), and prevent Google processing this data. To do this, download and install the browser plugin available using the following link: (https://tools.google.com/dlpage/gaoptout?hl=en).
This uses Google Analytics with the extension “_anonymizeIp()”. This enables IP addresses to be further processed in truncated form, so any association with a particular person can be ruled out. If the data collected about you leads to a personal reference, this will be immediately ruled out and the personal data deleted immediately.
We use Google Analytics to analyse and regularly improve the use of the website. Using the statistics collected, we can improve our offering and make it more interesting for you as a user. For cases of exception in which personal data are transferred to the USA, Google has become subject to the EU-US Privacy Shield, https://www.privacyshield.gov/European-Businesses.
The processing of your data within the framework of Google Analytics is done to ensure the vested interests of Intervox. Information of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: https://marketingplatform.google.com/about/analytics/terms/us/, Overview of data protection: https://support.google.com/analytics/answer/3379636?hl=en,
and the data protection statement: https://policies.google.com/privacy?hl=en-GB&gl=de
Objection to data collection: You can also prevent the information created by the cookie about your use of the website being sent to Google (including your IP address), and prevent Google processing this data. To do this, download and install the browser plugin available using the following link: https://tools.google.com/dlpage/gaoptout?hl=en
3. Google Adwords / Remarketing
We also use the remarketing function in Google AdWords of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). With the remarketing function, Random House users of the website interest-based advertisements on other websites within the Google advertising network (meaning on Google itself, so-called “Google Ads” or on other websites). For this, the interaction of users on our website is analysed, in particular the offers for which the users are interested, and after the visit to our website are able to be displayed on other websites as targeted advertising.
For this, Google saves cookies in the browsers of users who visit certain Google services or websites in the Google display network. The user visits are recorded using these cookies. This number serves for the clear identification of a web browser on a certain computer and not to identify a person. Personal data are not saved.
Order Data Processing
We have concluded a contract for order data processing with Google approved by the German data protection authorities.
4. Google AdWords / Conversion Tracking
We also use the Conversion Tracking function in Google AdWords of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). If you click on a Google ad, a cookie is placed on your computer for Conversion Tracking. These cookies become invalid after 30 days, contain no personal information and do not serve for personal identification. If you visit certain pages on our website, and the cookie has not expired, Google and we can see that you have clicked on the advertisement and were forwarded to this page.
Every Google AdWords customer receives a different cookie. Cookies can thus not be traced via the websites of AdWords customers. The information collected using conversion cookies serve for the creation of conversion statistics for AdWords customers who have decided to use conversion tracking. The AdWords customers can see the total number of users that have clicked on their advertisement and who were forwarded to a page equipped with a conversion tracking tag. They do not receive any information that can be used to identify a user personally.
You can find more information on Google AdWords and the Google data protection statement at: www.google.com/privacy/ads.
Order Data Processing:
We have concluded a contract for order data processing with Google approved by the German data protection authorities.
5. Doubleclick by Google
We also use Doubleclick by Google. Doubleclick by Google is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Doubleclick by Google serves for presenting you relevant advertisements. You see these advertisements on our website and on the websites of other providers who also work with Google.
• Which websites have you visited?
• Which advertisements from Google were you shown?
• On which advertisements have you clicked?
Based on this information, Google selects advertisements that Google presents to you. You can manage the display of such advertisements here. You can find information on Google advertising here. You can view additional information on data protection at Google here. Google operates its servers in the USA, meaning in a third-party country outside of the EU.
The Doubleclick service from Google transmits your data to this server. There is currently no decision by the European Commission that the USA generally offers a suitable protection level. However, Google has subjected itself to the “EU-US Privacy Shield Framework”, which offers suitable and adequate guarantees.
You can find additional information on this here. The legal basis for the integration of Doubleclick by Google described in this section is article 6 (1) (f) GDPR (consideration of interest, based on our interest, marketing the website for advertising purposes). Google collects and processes the data under its own responsibility within this framework.
6. Use of Google Webfonts
To display our content correctly and graphically attractively on all browsers, on this website we use fonts from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (Google Webfonts).
Google Webfonts is transferred to the cache of your browser to prevent multiple loading. A connection to Google is created automatically. In this it is theoretically possible that operators of these libraries collect personal data, although it is currently unclear if they do and for which purposes. You can view the data protection guideline of Google at https://www.google.com/policies/privacy/ . Data protection settings for Google can be changed at https://adssettings.google.com/authenticated.
7. Use of the Google Tag Manager
Google Tag Manager is used on the website, a service from Google Inc. (“Google”). Through this service, website tags can be managed via an interface. The Tag Manager tools itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool ensures the activation of other tags that then collect data under certain circumstances. Google Tag Manager does not access this data. If there is a deactivation on the domain or cookie level, this still exists for all tracking tags implemented with Google Tag Manager.
8. Use of Facebook Plugins
We also use functions of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. By clicking on the relevant Facebook plugin, a connection is created between your browser and the Facebook servers. In this way, various functionalities of Facebook can be used. The legal basis for this is article 6 (1) (b) GDPR (contract fulfilment and pre-contractual measures). With a click on the Facebook plugin, data are transferred from your browser to Facebook in the USA.
There is currently no decision by the European Commission that the USA generally offers a suitable protection level. Facebook has accepted the obligation to adhere to the Privacy Shield Agreement between the EU and the USA published by the US Department of Commerce on the collection, use and storage of personal data from the member states of the EU. You can find further information directly from Facebook at: https://www.facebook.com/about/privacyshield
If you have a Facebook account, the data transferred from your browser may be linked to your Facebook account. If you do not want this data to be assigned to your Facebook account, please log out of Facebook before clicking on the Facebook plugin. Interactions, in particular the use of comment functions or clicking on “like” or “share” will also be transmitted to Facebook. You can find more at Facebook at: https://www.facebook.com/privacy/explanation
9. Facebook Custom Audiences
We use Facebook Website Custom Audiences on our websites. So-called Facebook Pixels are integrated into our websites. This involves Java Script code: These pixels generate a hash value from your use data, which is transmitted to Facebook, such as browser information. If present, the Facebook cookie is contacted and your Facebook ID transmitted.
If you have a Facebook profile and log in there, you may be presented with targeted individual advertisements for our products and offers through the data transmitted by the pixels. Data from users who do not have a Facebook profile are rejected by Facebook unused. Further information about the purpose and scope of data collection and the additional processing and use of the data by Facebook and your setting options for the protection of your privacy can be found in the data protection guidelines of Facebook.
If you do not want this data to be collected, you can object using the following link and deactivate data collection: https://www.facebook.com/help/769828729705201.
10. LinkedIn Analytics und LinkedIn Ads
We use the Conversion Tracking Technology on our website and the retargeting function of the LinkedIn Corporation.
Using this technology, visitors to this website will be shown personalized advertisements on LinkedIn. In addition, there is the option of creating anonymous reports on the performance of the advertisements and information on website interaction. For this, the LinkedIn Insight Tag is connected to this website, through which a connection to the LinkedIn server is established, if you visit this website and are logged into your LinkedIn account at the same time.
In the data protection guideline of LinkedIn at https://www.linkedin.com/legal/privacy-policy you will find additional information on data collection and data use as well as your options regarding the right to protection of your privacy. If you are logged in to LinkedIn, you can deactivate data collection at any time using the following link: https://www.linkedin.com/psettings/enhanced-advertising.
11. Use of SalesViewer® technology:
This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.
The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.
Integration of YouTube-Videos
Content from third party providers is integrated into this website. This content is provided by Google Inc. (“provider”). YouTube is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Extended data protection settings are activated for YouTube videos that are integrated into our website.
This means that no information of website visitors will be collected by YouTube and saved unless your play this video. The purpose and scope of data collection and additional processing and use of the data by the provider and your rights and setting options to protect your private sphere are found in the data protection information of Google.
We note that YouTube can utilize Google Analytics and refer you to the data protection statement (https://www.google.com/policies/privacy) as well as opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or to the settings of Google for data use for marketing purposes (https://adssettings.google.com/). If you call up our page and are logged in to YouTube, YouTube will recognize information collected by the components on which concrete site you are visiting and assign this information to your personal YouTube account.
For example, if you click on the “play” button or enter particular comments, this information will be transferred to your personal user account at YouTube and saved there. In addition, the information that you have visited our site will be transmitted to you tube. This occurs regardless of whether you click on the components for example, or make comments or not.
If you want to prevent this transmission and saving of data about you and your actions on our website by YouTube, you must first log out of YouTube before visiting our site.
Rights of the affected party
If personal data are processed about you, you are the affected party in terms of the GDPR and you have the following rights with regard to the responsible party:
1. Right to Information
You can ask the responsible party for a confirmation of whether your personal information has been processed by us.
If processing has occurred, you can request a notification from the responsible party on the following information:
(1) the purposes for which the personal data are being processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom your personal data will be provided or will be provided;
(4) the planned duration of the storage of your personal data or, if there is no concrete information available, criteria for the determination of the term of storage;
(5) the existence of a right to correction or deletion of your personal data, a right to limitation of the processing by the responsible party or the right to object to this processing;
(6) the existence of a right to object to an oversight authority;
(7) all available information about the origin of the data, if the personal data are not collected from the affected party;
(8) the existence of an automated decision including profiling pursuant to article 22 (1) (4) GDPR and, at least in these cases, significant information about the logic involved and the scope and sought-after effects of this type of processing for the affected party. In addition, you have the right to request information about whether your information has been transferred to a third party country or to an international organization. Within this context, you can request that you be informed about the suitable guarantees pursuant to article 46 GDPR regarding transfer.
2. Right to Correction
You have the right to correction and/or completion if your personal data were processed improperly or are incomplete. The responsible party must perform the correction immediately.
3. Right to limitation of processing
Under the following conditions, you can request that the processing of your personal data be limited:
(1) if you are contesting the correctness of your information for a duration that enables us to check the correctness of your data;
(2) the processing was improper and you decline the deletion of your data and instead wish to limit the use of your personal data;
(3) the responsible party no longer needs your data for processing purposes, but you require them for enforcement, execution or defence of legal claims, or
(4) if you have submitted an objection to the processing pursuant to article 21 (1) GDPR, and it is not yet clear whether the vested interests of the responsible party supersede your interests. If the processing of your information is limited, these data – except from your saving – will only be processed with your consent or for the enforcement, execution or defence of legal claims or to protect the rights of other natural or legal persons in the vested interest of the Union or member state. If the limitation of processing is limited according to the aforementioned conditions, you will be notified by the responsible before the limitation is lifted.
4. Right to Deletion
a) Obligation to Delete
You may request that the responsible party immediately deletes your personal data and the responsible party is obligated to delete this data immediately if one of the following reasons apply:
(1) Your personal data are no longer necessary for the purposes for which they were collected or for any other processing.
(2) You revoke your consent to processing pursuant to article 6 (1) (a) or article 9 (2) (a) GDPR, and there is no other legal reason for processing.
(3) You submit an objection pursuant to article 21 (1) GDPR against processing and there are no other paramount reasons on our part for processing or you submitting an objection to processing pursuant to article 21 (2).
(4) Your personal data were improperly processed.
(5) The deletion of your personal data is necessary for the fulfilment of a legal obligation according to Union law or the rights of the member states to which the responsible party is subject.
(6) The personal data regarding you were collected during offered services of the information society pursuant to article 8 (1) GDPR.
b) Information to third parties.
If the responsible party has published your personal information and is obligated to delete them under article 17 (1) GDPR, they are obligated to take proper measures under consideration of available technology and the implementation costs, even of a technical type, to inform the person responsible for the data processing of the personal data that they have requested the deletion of all links to this personal data or copies or replications of these personal data.
The right to deletion does not apply if processing is required.
(1) to exercise the right to free freedom of expression and information;
(2) to fulfil a legal obligation that requires the processing under the laws of the Union or member states to whom the responsible party is subject, or to fulfil a task in the public interest or in exercise of public authority that is transferred to the responsible party;
(3) for reasons of public interest in the area of public interest pursuant to article 9 (2) (h) and (i) and article 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or research purposes or for statistical purposes pursuant to article 89 (1) GDPR and the right listed under section a) regarding the realization of the purposes of this processing which makes this processing impossible or seriously affects it, or
(5) to realize, exercise or defend legal claims.
5. Right to Information
If you have exercised the right to correction, deletion or limitation of processing, the responsible party is obligated to notify all recipients who have received your information of this notification or deletion of data or limitation of processing, unless this is impossible or associated with an unreasonable expense.You have the right to be informed about these recipients by the responsible party.
6. Right to Data Transferability
You have the right to receive your personal data that you have provided to the responsible party in a structured, regular and machine readable format. You also have the right to have this data transferred to another responsible party without hindrance by the responsible party, if,
(1) the processing is based on consent pursuant to article 6 (a) GDPR or based on a contract pursuant to article 6 (1) (b) GDPR and
(2) processing is done using an automated method. In exercising this right, you also have the right to have your personal data directly transferred from one responsible party to another responsible party if technically possible. Freedoms and rights of other persons may not be affected by this. The right of data transferability does not apply to the processing of personal data that is required for fulfilling a task that is within the public interest or within the exercise of public authority that was transferred to the responsible party.
7. Right to Objection
You have the right to submit an objection to the processing of your data for reasons resulting from your special situation pursuant to article 6 (1) (e) or (f) GDPR; this also applies to profiling supported by these provisions.
In this case, the responsible party will no longer process your information unless they have urgent reasons for processing that supersede your rights and freedoms or if the processing serves for the enforcement, execution or defence of legal claims.
If your data are processed for direct advertising purposes, you have the right to submit an objection at any time against the processing of your data for the purpose of such advertisement; this also applies to profiling if in connection with such direct marketing.
If you object to the processing for purposes of direct marketing, your data will no longer be processed for this purpose. You have the possibility within the context of the use of services in the information society – notwithstanding the directive 2002/58/EU – to exercise your right to object using automated procedures in which technical specifications are used.
8. Right to revoke your declaration of consent under data protection laws
You have the right to revoke your declaration of consent under data protection laws. By revoking your consent, the legality of processing until the time of revocation is not affected.
9. Automated decision in individual cases including profiling
You have the right to not be subjected to a decision regarding non-exclusive automated processing, including profiling, which has a legal effect on you or otherwise affects you in a similar way. This does not apply if the decision
(1) is required for the conclusion or fulfilment of a contract between you and the responsible party,
(2) is permissible based on the legislation of the Union or the member states to which the responsible party is subject, and contains measures to guarantee your rights and freedoms and your vested interest, or
(3) occurs with your express consent. However, these decisions may not be based on special categories of personal data pursuant to article 9 (1) GDPR if article 9 (2) (a) or (g) GDPR applies and adequate measures are taken to protect the rights and freedoms and your vested interest.
Regarding the cases listed in (1) and (3), the responsible parties will take appropriate measures to guarantee your rights and freedoms and your vested interests, in which at least the right of the act of intervention of a person on the part of the responsible party to expressing their own standpoint and to appeal of the decision.
10. Right to submit a complaint to the oversight authorities
Notwithstanding any other administrative or legal assistance, you have the right to submit a complaint to the oversight authorities, in particular in the member state of your residence, your workplace or the location of the supposed violation, if you are of the opinion that the processing of your personal data violates the GDPR. The oversight authorities, to which the complaint was submitted, will notify the complainant about the status and results of the complaint including the possibility of legal assistance pursuant to article 78 GDPR.
Weiler, June 2020