Privacy

Privacy Policy

Thank you for your interest in our website. As a member of Verein sicherer und seriöser Internetshopbetreiber e. V., the protection of your personal data is a matter of great importance to us. Below, we inform you transparently and in clear, understandable language about the collection of data and its scope, what your data is used for, and what rights you have.

You have the right at any time to obtain, free of charge, information about the origin, recipient or recipients, and purpose of your stored personal data. You also have the right to request the correction, restriction, or deletion of this data. If you have any questions about this or about data protection in general, you may contact the person responsible for data processing at any time. The person responsible for data processing is named in Section 1 of this Privacy Policy. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. Your rights in detail and more comprehensive explanations can be found in Section 6 of this Privacy Policy.

Your data is collected, stored, and processed in compliance with the applicable statutory provisions. Personal data is any type of data by which you can be identified as a person.

Who is responsible for data processing?

Within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other data protection provisions, the controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (names, contact details, etc.).

The controller responsible for data processing on this website is:

Frank Schlattner Siemensstr. 4 72622 Nürtingen Germany Phone: +49-(0)7022/61212 Email: info@kobra.de

What data is collected and processed on our website?

2.1 Automated collection of data

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer in so-called server log files. Some of this data is technically necessary in order to display our website to you. No merging with data from other sources takes place. The following data is collected:

Pages accessed
Browser types and versions used
The operating system used by the accessing system
The website from which an accessing system reaches our site
The date and time of access to the page
The internet service provider of the accessing computer
The internet protocol address used (IP address)

The legal basis for data processing is Art. 6(1)(f) GDPR, which permits us to process the data where a legitimate interest exists. In this case, our legitimate interest is the reliable and error-free functioning of our website. No other processing of this data takes place.

2.2 Collection of personal data

2.2.1 Data collection and processing when opening a customer account and during contract performance

If you open a customer account on our website, this is done voluntarily. Registration is not a prerequisite for concluding a contract. Data is collected only to the minimum extent necessary; mandatory fields can be identified by the corresponding markings in the input form. Deletion of the customer account is possible at any time and free of charge. If you wish to delete your account, please contact the controller responsible for data processing named in Section 1 of this Privacy Policy.

We use your data only for the purpose for which you registered or for contract performance. The legal basis for data processing is Art. 6(1)(b) GDPR, which permits us to process the data where this is necessary for the performance of a contract with you or for the implementation of pre-contractual measures.

The customer data collected will be blocked after completion of the order, after termination of the business relationship, or after deletion of your customer account, and deleted after expiry of retention periods under tax and commercial law, unless you have consented to further use of your data.

2.2.2 Data collection and processing when using our email address or contact function

In the case of emails or messages sent via the contact form, we store your data until the processing of your request has been completed. Mandatory information in the contact form can be identified by the corresponding markings in the input fields. The data is used exclusively for processing your request; once processing has been completed, your data will be deleted.

The legal basis for data processing is Art. 6(1)(f) GDPR, which permits us to process the data where a legitimate interest exists. In this case, our legitimate interest is responding to your message or handling your request.

2.2.3 Newsletter function, data processing, and right to object

2.2.3.1 You have subscribed to our newsletter

If you subscribe to our free newsletter, data from the registration form is transmitted to us. Mandatory fields can be identified by the corresponding markings in the input form and are limited to the minimum necessary extent (email address). During the registration process, your consent to the processing of your data is obtained, and reference is made to this Privacy Policy.

The legal basis for data processing is Art. 6(1)(a) GDPR, which permits us to process the data if you have consented to the processing.

The data is not passed on to third parties and is used exclusively for sending newsletters. You may object to the newsletter subscription (your consent) at any time with effect for the future. Every newsletter contains a link for unsubscribing; alternatively, you can also unsubscribe directly via our website.

Of course, your wish to unsubscribe from the newsletter may also be addressed directly to the controller responsible for data processing named in Section 1 of this Privacy Policy. After unsubscribing from the newsletter, the data will be deleted unless you have consented to further use or unless we reserve the right to further use your data as legally permitted, as explained below in Section 2.2.3.2.

2.2.3.2 If we send newsletters to existing customers

If you have purchased goods or services on our website and provided your email address in this context, we may use it to send you a newsletter unless you have objected. In such a case, the newsletter will contain only direct advertising for similar goods or services from our own range.

The legal basis for sending the newsletter following the sale of goods or services is Section 7(3) of the German Unfair Competition Act (UWG).

The legal basis for data processing is Art. 6(1)(f) GDPR, which permits us to process the data where a legitimate interest exists. In this case, our legitimate interest is to send you personalized advertising. You may object to the use of your data for this purpose at any time with effect for the future. To object, please contact the controller responsible for data processing named in Section 1 of this Privacy Policy.

2.2.3.3 Newsletter performance measurement

Our newsletters contain a so-called web beacon, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened, or from the server of a mailing service provider if one is used. As part of this retrieval, technical information is initially collected, such as information about the browser and your system, as well as your IP address and the time of retrieval.

This information is used for the technical improvement of the services on the basis of technical data, as well as for analyzing target groups and their reading behavior on the basis of retrieval locations (which can be determined using the IP address) or access times. Statistical evaluation also includes determining whether newsletters are opened, when they are opened, and which links are clicked.

Although, for technical reasons, this information can be assigned to individual newsletter recipients, neither we nor, if applicable, the mailing service provider aim to monitor individual users. Rather, these evaluations help us identify the reading habits of our users in order to adapt our content to them or to send different content according to the interests of our users.

2.3 Disclosure of data to third parties for contract performance

2.3.1 Disclosure to shipping service providers in general and to banks

For payment processing and, where applicable, delivery of goods, we disclose personal data to service providers (third parties) to the minimum extent necessary, provided this is required for contract performance.

If we pass your data on to a shipping service provider (such as DHL), the legal basis is Art. 6(1)(b) GDPR, which permits us to process the data where this is necessary for the performance of a contract with you or for the implementation of pre-contractual measures.

If we pass your payment data on to the commissioned bank, the legal basis is likewise Art. 6(1)(b) GDPR.

2.3.2 Disclosure of email address and/or telephone number to shipping service providers

On our website, you may consent to the disclosure of your email address and/or telephone number in order to enable the selected shipping service provider to announce the delivery or coordinate it with you. Below we inform you which data is transmitted to the shipping service provider and on which legal basis this occurs.

2.3.2.1 DHL

If your goods are delivered by DHL and you have expressly consented during the ordering process to the disclosure of your email address, this address may be passed on to DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn) for the purpose of announcing the delivery or coordinating the delivery date.

The legal basis for data processing is Art. 6(1)(a) GDPR, which permits us to process the data if you have consented to the processing. If you do not consent to the disclosure of your email address, delivery will take place in accordance with the conditions set out in Section 2.3.1 of this Privacy Policy. In that case, announcement of delivery or coordination of the delivery date by DHL is not possible.

Any consent given for the use of data may be withdrawn at any time with effect for the future. For this purpose, please contact the controller responsible for data processing named in Section 1 of this Privacy Policy, or the shipping service provider directly.

2.3.3 Payment service providers

On our website, you may choose between various payment service providers. Below we inform you which data is transmitted and on which legal basis this occurs.

2.3.3.1 Invoice or direct debit

If you choose payment by invoice or direct debit, we reserve the right to obtain credit information about you. A credit report may contain scoring values (= probability values). These scoring values are based on a scientifically recognized mathematical-statistical procedure. Your address data is also included in the calculation of the score values, among other data.

The legal basis for data processing is Art. 6(1)(f) GDPR, which permits the processing of data where a legitimate interest exists. In this case, the legitimate interest is to establish your identity and/or creditworthiness.

You may object to the processing of your personal data at any time. However, we may remain entitled to process, use, and transmit the personal data if this is necessary for contractual payment processing by us, required by law, or required by a court or public authority.

2.3.3.2 PayPal

If you choose this payment service provider, the data necessary for payment will be transmitted to PayPal (PayPal Europe, S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg).

Further information on data processing by PayPal can be found in the PayPal Privacy Statement.

The legal basis for this is Art. 6(1)(a) GDPR, which permits us to process the data if you have consented to the processing, and Art. 6(1)(b) GDPR, which permits us to process the data where this is necessary for the performance of a contract with you or for the implementation of pre-contractual measures. You have the right to withdraw your declaration of consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

The legal basis for data processing is also Art. 6(1)(f) GDPR, which permits the processing of data where a legitimate interest exists. In this case, the legitimate interest is to establish your identity and/or creditworthiness.

You may object to the processing of your personal data at any time. However, PayPal may remain entitled to process, use, and transmit the personal data if this is necessary for contractual payment processing by PayPal, required by law, or required by a court or public authority.

If you wish to object to the use of your data or notify changes concerning the stored data, you may contact PayPal directly.

2.3.3.3 secupay (credit card)

If you choose this payment service provider, order data and your personal data will be transmitted to secupay AG (secupay AG, Goethestraße 6, 01896 Pulsnitz). Order data means data relating to the items, the delivery method, and the invoice amount. Your personal data in this context includes first name, last name, address, telephone number, email address, and IP address.

When paying by credit card, data is transferred solely for the purpose of payment processing. The legal basis for this is Art. 6(1)(b) GDPR, which permits us to process the data where this is necessary for the performance of a contract with you or for the implementation of pre-contractual measures.

The legal basis is also Art. 6(1)(f) GDPR, which permits the processing of data where a legitimate interest exists. In this case, the legitimate interest is to establish your identity and/or creditworthiness.

If you wish to object to the use of your data or notify changes concerning the stored data, you may contact secupay directly.

What are cookies and what data is processed?

3.1 Cookies set by our website

Our website uses so-called cookies. Cookies are text files that are stored in the internet browser or by the internet browser on your computer. We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can still be identified after a page change, for example in order to store and transmit the items in your shopping cart or your login information.

Most of the cookies we use are so-called session cookies, which are automatically deleted when the browser is closed. Some cookies remain stored on your device and enable recognition when you visit the site again (so-called persistent cookies). These are automatically deleted after a predefined period. More detailed information on individual cookies can be found in your browser settings.

The setting options differ depending on the browser. Help on the available settings can be found for the most common browsers under the following links:

Firefox: Cookie settings in Firefox
Safari: Cookie settings in Safari
Chrome: Cookies in Chrome
Opera: Cookie settings in Opera
Microsoft Edge: Microsoft Edge cookie help

The legal basis for data processing is either Art. 6(1)(a) GDPR, which permits us to process the data if you have consented to the processing, or Art. 6(1)(b) GDPR, which permits us to process the data where this is necessary for the performance of a contract with you or for the implementation of pre-contractual measures, or Art. 6(1)(f) GDPR, which permits us to process the data where a legitimate interest exists. In this case, our legitimate interest is to provide you with a technically error-free and functionally optimized website.

If we store other cookies on your device, for example from partner companies or for the analysis of your browsing behavior, we will inform you about this in detail below.

You can configure your browser so that you are informed about the setting of cookies and then allow them only in individual cases. You can also generally exclude the acceptance of cookies or accept them only in certain cases. In addition, you can configure your browser so that cookies are deleted when the browser window is closed.

Please note that if cookies are not accepted, the functionality of our website may be significantly restricted.

3.2 Comment functions on our website

For this function, your comment, your username (nickname, if provided), the time your comment was created, your IP address, and your email address are stored. Your data is stored until the content commented on by you has been completely deleted (or had to be deleted for legal reasons). We reserve the right to delete comments that have been challenged as unlawful by third parties.

The legal basis for storing and processing your comment, username, and the time the comment was created is Art. 6(1)(a) GDPR, which permits us to process the data if you have given us your consent. You have the right to withdraw your data protection consent declaration at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

The legal basis for processing your IP address and your email address is Art. 6(1)(f) GDPR, which permits us to process the data where a legitimate interest exists. In this case, our legitimate interest is to be able to take action in the event of legal violations such as insults or propaganda. We need your email address in order to contact you if your comment is challenged as unlawful by a third party.

3.3 Web analysis / marketing

3.3.1 Google Analytics

Google Analytics 4: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses.

It is used to assign analytical information to an end device in order to determine which content users have accessed within one or more usage processes, which search terms they used, whether they accessed content again, or how they interacted with our online offering. The time and duration of use are also stored, as well as the sources of users referring to our online offering and technical aspects of their devices and browsers.

Pseudonymous user profiles are created using information from the use of different devices; cookies may be used for this purpose. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, and subcontinent.

For EU traffic, IP address data is used exclusively for this derivation of geolocation data before being deleted immediately. It is not logged, is not accessible, and is not used for any further purposes.

When Google Analytics collects measurement data, all IP queries are carried out on EU-based servers before traffic is forwarded to Analytics servers for processing.

3.3.2 Shopware Analytics

Purpose of processing: Together with our shop software service provider, acting as joint controllers, we evaluate certain information from our customer base (e.g. customer group, pages visited, click paths, date and time of the visit, information about the device used such as resolution, pixel density and operating system, referrer URL, browser information, locale, search queries, and time zone).

This information is prepared by an external service provider and transmitted to us in near real time so that we can monitor the use of our website and improve our offers.

Legal basis: Art. 6(1)(f) GDPR

Categories of data: Derivations from master and contact data (customer group, no individual customer data), usage data, connection data

Recipients of the data: shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany (as joint controller), IT service providers

Essence of the joint controllership: Joint responsibility exists between us and shopware AG. The data is collected in our shop and then transferred to Shopware servers or those of its service providers. With the exception of obtaining your consent for the use of cookies or comparable technologies and fulfilling these information obligations, all duties, in particular the implementation of data subject rights, are incumbent on shopware AG, which can be contacted at legal@shopware.com. You can also assert your rights with us; we will then forward your request accordingly to shopware AG. shopware AG can derive patterns of behavior on our store from the collected data, but cannot assign this data to you personally.

Intended third-country transfer: None

Do we store personal data on your device or read such data on the basis of your consent? Yes. Details can be found in the consent management.

3.4 Social media / Facebook plugins using the Shariff solution

Our online shop uses plugins of the social networks mentioned below.

Facebook - Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA

To better protect your data when visiting our online shop, these plugins are not integrated into the respective shop page without restriction, but only using an HTML link (the so-called Shariff solution by c’t). This ensures that when a page of our online shop containing such plugins is accessed, no connection is yet established with the servers of the provider of the respective social network.

If you click one of the buttons, a separate browser window opens and calls up the page of the respective provider, where you can, for example, activate the Like or Share button. For more detailed information on the scope of collection and the handling of your data, please refer to the provider’s respective privacy policy: Facebook Privacy Policy.

3.5 Privacy provisions on the use and application of YouTube

The controller has integrated components of YouTube on this website. YouTube is an internet video portal that enables video publishers to upload video clips free of charge and other users to view, rate, and comment on them, likewise free of charge. YouTube permits the publication of all kinds of videos, which is why complete film and television programs, as well as music videos, trailers, or videos created by users themselves, can be accessed via the internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time one of the individual pages of this website operated by the controller is accessed, on which a YouTube component (YouTube video) has been integrated, the internet browser on the data subject’s IT system is automatically caused by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. As part of this technical procedure, YouTube and Google obtain knowledge of which specific subpage of our website is visited by the data subject.

If the data subject is logged into YouTube at the same time, YouTube recognizes, when a subpage containing a YouTube video is accessed, which specific subpage of our website the data subject is visiting. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google always receive information that the data subject has visited our website if the data subject is logged into YouTube at the time our website is accessed; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish such information to be transmitted to YouTube and Google, the transmission can be prevented by logging out of the YouTube account before visiting our website.

Further information about the collection and processing of personal data by YouTube and Google can be found in Google’s privacy policy: Google Privacy Policy.

How is the data secured?

The transmission of personal data takes place exclusively in encrypted form via an SSL or TLS connection. This applies both to messages sent via our contact function and to data relating to your order and payment transactions. Due to encryption, your sensitive personal data cannot be intercepted and viewed by unauthorized third parties.

You can recognize an encrypted connection by the fact that the browser address line begins with “https://” and by the lock symbol in the browser bar.

The data stored in the systems of our website is protected by passwords and cannot be viewed by unauthorized third parties.

Data transmission over the internet, for example when sending an email, is not 100% secure and may in some cases have security vulnerabilities.

How long is personal data stored?

How long your personal data is stored by us depends on the respective statutory retention period. Retention periods under commercial and tax law amount to 10 years from the end of the calendar year in which the data was collected. After expiry of these periods, the data is regularly deleted unless it is still required for the initiation or performance of a contract or unless we have a legitimate interest in continuing to store it.

What rights do you have vis-à-vis the controller responsible for data processing?

Below we list the rights you have under the General Data Protection Regulation (GDPR) vis-à-vis the controller responsible for data processing. The controller is named in Section 1 of this Privacy Policy. If personal data concerning you is processed, you are a “data subject” within the meaning of the GDPR.

6.1 Your right of access pursuant to Art. 15 GDPR

You may request confirmation from the controller as to whether personal data concerning you is being processed. If such processing is taking place, you may also request information about:

the purposes for which the personal data is processed
the categories of personal data being processed
the recipients or categories of recipients to whom the personal data concerning you has been disclosed or will still be disclosed
the planned duration of storage of the personal data concerning you or, if specific information is not possible, the criteria used to determine the storage period
the existence of a right to rectification or deletion of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing
the existence of a right to lodge a complaint with a supervisory authority
all available information as to the source of the data if the personal data was not collected from the data subject (that is, from you)
the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

You also have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

6.2 Your right to rectification pursuant to Art. 16 GDPR

You have the right to obtain from the controller without undue delay the rectification and/or completion of personal data concerning you if the processed personal data concerning you is inaccurate or incomplete.

6.3 Your right to erasure pursuant to Art. 17 GDPR

You may request that the controller erase the personal data concerning you without undue delay, and the controller is obliged to erase such personal data without undue delay if one of the following reasons applies:

6.3.1 Obligation to erase

The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for the processing.
You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
The personal data concerning you has been processed unlawfully.
Erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

6.3.2 Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested the erasure of any links to, or copies or replications of, that personal data.

6.3.3 Exceptions

The right to erasure does not exist insofar as processing is necessary

for exercising the right of freedom of expression and information
for compliance with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to above is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
for the establishment, exercise, or defense of legal claims

6.4 Your right to restriction of processing pursuant to Art. 18 GDPR

You have the right to request restriction of processing from the controller if one of the following conditions applies:

you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims, or
you have objected to processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds

Where processing of the personal data concerning you has been restricted, such data may - apart from being stored - be processed only with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If restriction of processing has been lifted after having been restricted under the above conditions, you will be informed by the controller before the restriction is lifted.

6.5 Your right to notification pursuant to Art. 19 GDPR

If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate such rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller about those recipients.

6.6 Your right to data portability pursuant to Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller without hindrance from the controller to whom the personal data was provided, provided that

the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a), or on a contract pursuant to Art. 6(1)(b), and
the processing is carried out by automated means.

In exercising your right to data portability, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

This right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right to data portability must not adversely affect the rights and freedoms of others.

6.7 Your right to withdraw your data protection consent declaration

You have the right to withdraw your data protection consent declaration at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

6.8 Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

6.8.1 is necessary for entering into, or performance of, a contract between you and the controller, 6.8.2 is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or 6.8.3 is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) GDPR unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests have been taken.

With regard to the cases referred to in 6.8.1 and 6.8.3, the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own point of view, and to contest the decision.

6.9 Your right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

6.10 RIGHT TO OBJECT

You have the right, on grounds relating to your particular situation, to object at any time with future effect to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

You have the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by automated means using technical specifications.