Charge4Europe

Table of Contents

 

I. Preamble

II. Data Controller / Data Protection Officer / Supervisory Authority

III. Definitions of the Terms Used

IV. General Principles / Information

V. Registration / Setting-up of a User Account

VI. Data Processing for the Provision of the Website / Collection of Log Files

VII. Use of Cookies

VIII. Contact Form and Email Contact

IX. Rights of the Data Subject

I. Preamble

DKV, Rating, (hereinafter also we/us) is responsible for the Internet platforms of DKV EURO SERVICE GmbH + Co. KG, for short: "DKV".

 

Below, we would like to inform you comprehensively and in detail about how we shall protect your privacy, and how personal data is processed within the framework of our websites and/or our online platforms. Personal data will be deleted as soon as possible and will never be used for advertising purposes, or be passed on, without your consent.

 

If the information provided below is insufficient or incomprehensible, please do not hesitate to contact our data protection officer under the contact details given in Section II.

II. Data Controller / Data Protection Officer / Supervisory Authority

Data controller

Charge4Europe GmbH (C4E)

Lindenallee 6

45127 Essen

E-Mail: dataprotection@charge4europe.com

Website: www.charge4europe.com

Relevant supervisory authority

LDI Nordrhein-Westfalen

Postfach 20 04 44

40102 Düsseldorf

Tel.: +49 211 38424-0

Fax: +49211 38424-10

E-Mail: poststelle@ldi.nrw.de

Website: www.ldi.nrw.de

Currently a data controller does not need to be appointed in accordance with the legal regulations.

III. Definitions of the Terms Used

The definitions of the terms used are governed by the Regulation (EU) 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "General Data Protection Regulation" or "GDPR"). In particular, the definitions under Articles 4 and 9 GDPR apply.

IV. General Principles / Information

1. Scope of the processing of personal data

In principle, we collect and use personal data of our users only insofar as this is necessary for rendering and providing our services and for providing our web and online platforms (including mobile apps).

As a general rule, any collection and/or use of personal data for other purposes take place only

(i) with the user's prior consent,

(ii) if the processing is for the purpose of performing a contract, or

(iii) for the protection of legitimate interests, except where such interests are outweighed by the data subject's interests or basic rights or basic freedoms that necessitate the protection of personal data.

Moreover, an exception applies in cases where, for practical reasons, it is not possible to obtain prior consent, or in cases where processing of the data is permitted by statutory provisions.

 

2. Legal bases

Insofar as personal data is processed on the basis of the data subject's consent, Article 6 (1), letter a GDPR forms the legal basis for the processing.

In cases where personal data is processed for the performance of a contract to which the data subject is a party, Article 6 (1), letter b GDPR forms the legal basis; this also applies to processing necessary for the implementation of precontractual measures.

  • If personal data is processed in order to comply with a legal obligation to which we are subject, Article 6 (1), letter c GDPR forms the legal basis. If processing of personal data is necessary in order to protect vital interests of the data subject or any other natural person, Article 6 (1), letter d GDPR forms the legal basis.
  • If processing takes place in order to protect a legitimate interest of our company or a third party, and this interest is outweighed by the data subject's interests or basic rights or basic freedoms, Article 6 (1), letter f GDPR forms the legal basis of the processing.

 

3. Obtaining consent / Right to revoke

Generally, consent under Article 6 (1), letter a GDPR is obtained electronically. Consent is given by ticking a box in the corresponding field for the purpose of documenting the granting of consent. If consent is given electronically, the so-called double-opt-in procedure (https://www.onlinemarketing-praxis.de/glossar/double-opt-in) is used for the purpose of identifying the user, insofar as this is legally necessary. The content of the declaration of consent is recorded electronically.

Right to revoke: Please note that consent once given may be wholly or partly revoked at any time with effect for the future. The lawfulness of the processing that, on the basis of the consent given, has taken place until such revocation will remain unaffected hereby. If you wish to revoke your consent, please use the contact details given in Section II (data controller or data protection officer).

 

4. Possible recipients of personal data

In order to provide our web and/or online platforms, we shall sometimes use third-party service providers, who will, when rendering their services, operate on our behalf and in accordance with our directives (commissioned processor). These service providers may receive personal data or come into contact with personal data when rendering their services and will constitute third parties or recipients within the meaning of the GDPR.

In such cases, we shall ensure that our service providers offer sufficient guarantees that suitable technical and organisational measures exist, and processing is carried out in a manner that is in keeping with the requirements of this Regulation and safeguards the protection of the data subject's rights (cf. Article 28 GDPR).

Insofar as personal data is transmitted to third parties and/or recipients outside of commissioned processing, we shall ensure that this occurs only in compliance with the requirements of the GDPR (e.g. Article 6 (4) GDPR) and only if a corresponding legal basis exists (e.g. Article 6 (4) GDPR; see also subsection IV.2).

 

5. Processing of data in so-called third countries

In principle, the processing of your personal data will take place within the EU or the European Economic Area ("EEA").

Merely in exceptional cases (e.g. in connection with the calling-in of service providers for rendering web analysis services) may information be transmitted to so-called "third countries". "Third parties" are countries that are outside of the European Union and the Agreement on the European Economic Area. Therefore, it cannot be automatically assumed that the level of data protection in those countries is adequate and corresponds to the standards in the EU.

Prior to transmitting any information that also includes personal data, we shall ensure that an adequate level of data protection is guaranteed in the respective third country or at the respective recipient in the third country. This may ensue from a so-called "adequacy decision" of the European Commission or be safeguarded by using the so-called "EU standard contractual clauses". In the case of recipients in the USA, compliance with the principles of the so-called "EU-US Privacy Shield" may also ensure an adequate level of data protection. On request, we shall be happy to make available further information on suitable and adequate safeguards for adherence to an adequate level of data protection; the contact details can be found at the beginning of this Data Privacy Statement. Additionally, information on the participants in the EU-US Privacy Shield can be found here www.privacyshield.gov/list.

 

6. Data deletion and storage period

The data subject's personal data will be deleted or blocked as soon as the purpose for which the data is being processed ceases to exist. After this purpose has ceased to exist, the data will continue to be stored only if such storage is provided for by the European or national legislator in ordinances, laws or other provisions under European Union law to which our company is subject (e.g. for compliance with statutory retention duties and/or if there are legitimate interests in such storage, e.g. in the course of limitation periods for the purpose of a legal defence against any claims). The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion of a contract or for other purposes.

 

 

7. Rights of the data subject

A person whose personal data is processed is granted certain rights under the GDPR (so-called rights of the data subject, in particular Articles 12 to 22 GDPR). The data subject's individual rights are explained in greater detail in Section XI. If you wish to make use of one or more of these rights, you may contact us at any time. Please use the contact options specified under Section II.

V. Registration / Setting-up of a User Account

Certain services provided via our websites and online platforms necessitate registration and the setting-up of a personal user account. In the course of registration and the setting-up of a user account, we shall collect and store the following personal data ("mandatory details"). This data will not be passed on to third parties:

  • user name
  • password
  • the user's business email address
  • first name, surname, title
  • company (insofar as relevant)
  • address
  • country, federal state and place where the company is located

 

At the time of registration, the following details are additionally stored: (i) the user's IP address and (ii) the date and time of registration.

 

Moreover, voluntary details may be provided. These details may include, for example, the telephone number, fax number and mobile phone number or details relating to the company, such as the number of employees, the branch of industry, the size of the pool or fleet of vehicles. Mandatory details needed for the purpose of registration are marked in the input mask as a mandatory field by means of an asterisk. If the mandatory fields are not fully and truthfully filled in, registration will not be possible. The application for registration will be completed only if, after having filled in the mandatory fields, you confirm your registration using the link contained in an email sent by us. Voluntary details may be used for, in particular, the purpose of improving our services.

 

1. Purpose and legal basis

User registration takes place for the purpose of access restriction and/or access control relating to certain content and services made available by us on our websites and/or online platforms only to registered users. Furthermore, such registration may take place for the purpose of providing certain content and services for registered users in the course of performing a contract and/or for the implementation of precontractual measures.

 

Article 6 (1), letter a GDPR forms the legal basis for the processing of data for the purpose of registration, provided that the user has given its consent. If registration serves the performance of a contract to which the user is a party, or serves the implementation of precontractual measures, Article 6 (1), letter b GDPR forms the legal basis for the processing. Insofar as registration takes place for the purpose of restricting and/or controlling access, the protection of legitimate interests is the legal basis in accordance with Article 6 (1), letter f. GDPR. In this respect, the legitimate interest lies in the restriction of access for protecting the content and information developed by us.

 

2. Data deletion and storage period

If registration takes place in connection with the performance of a contract or for the implementation of precontractual measures (Article 6 (1), letter b GDPR), the registration details will be stored for the duration of the respective client/contractor relationship or contractual relationship and will, with due regard being given to subsection IV.6, be deleted or blocked after the respective contract period or notice period has expired.

 

If registration is not related to the performance of a contract or to the implementation of precontractual measures, the registration details will, with due regard being given to subsection IV.6, be deleted as soon as the registration on our website is nullified or altered or is deleted by the user.

 

3. Opt-out and removal option

As a user, you have the option of terminating or deleting your registration at any time. You may at any time alter the data stored concerning you. If the data is (still) needed for the performance of a contract or the implementation of precontractual measures, premature deletion of the data will be possible only insofar as no contractual or statutory obligations conflict with deletion.

VI. Data Processing for the Provision of the Website / Collection of Log Files

Every time our website is accessed, our system collects data and information from the accessing computer's computer system in an automated manner. The following data is collected (hereinafter "Log Data"):

information on the type of browser and the version used

  • the user's operating system
  • the user's Internet service provider
  • the user's IP address (not personal data)
  • the date and time of access
  • websites from which the user's system accesses our website
  • websites accessed by the user's system via our website
  • the user's movements on our site

 

The aforementioned Log Data will not enable the user to be personally identified.

 

1. Purpose and legal basis

The collection and processing of Log Data, in particular the IP address, take place for the purpose of making available to the user the content contained on our website, i.e. for the purpose of communication between the user and our web or online platform. It is necessary to temporarily store the IP address for the duration of the respective communication process. This is needed for addressing the communication between the user and our web and/or online platform and/or for making use of our web and/or online platform. Article 6 (1), letter b GDPR and/or Section 96 TKG [Telecommunications Act] and/or Section 15 (1) TMG [Telemedia Act] will, for the duration of your website visit, form the legal basis for this data processing.

 

Any processing and storage of the IP address in log files beyond the communication process take place for the purpose of ensuring the functionality of our web and online platforms, optimising these platforms and ensuring the security of our IT systems. Article 6 (1), letter f GDPR (protection of legitimate interests) and/or Section 109 TKG form the legal basis for any storage of the IP address for these purposes beyond the communication process.

 

2. Data deletion and storage period

The data will be deleted as soon as it is no longer needed for attaining the purpose for which it was collected. If the data was collected for the purpose of providing the website, this will be the case when the respective session (the website visit) has ended. Any further storage of Log Data, including the IP address, for the purpose of system security will take place for a period of no more than seven days after the user's access to the website has ended. Further processing and/or storage of Log Data will be possible and permissible insofar as the users' IP addresses are, following the expiration of the aforementioned seven-day storage period, deleted or masked to such an extent that it is no longer possible to allocate the Log Data to an IP address.

 

3. Opt-out and removal option

The collection of Log Data for the provision of the website, including the storage of Log Data in log files within the aforementioned limits, is absolutely essential for the operation of the website. Therefore, the user has no possibility of opting out. This does not apply to the processing of Log Data for analysis purposes; this is - depending upon the respective web analysis tool used and the type of data analysis (personal / anonymous / pseudonymous) - governed by Section VIII.

VII. Use of Cookies

Our website uses cookies. Cookies are text files stored in the Internet browser or by the Internet browser on the user's computer system. Cookies do not contain programmes and cannot place any malicious code onto your computer. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be clearly identified when the user accesses the website again. As our cookies do not contain any personal data, your privacy will be protected. Depending upon the respective type of cookie and the possibility of allocating a cookie to an IP address, it is, in principle, possible however that the user will be personally identifiable. We shall not carry out such allocation, and/or the IP address will be anonymised without delay in order to rule out such allocation (see under Section VIII for further details).

 

We differentiate between (i) technically essential cookies, (ii) analysis cookies and (iii) third-party providers' cookies:

 

(i) Technically essential cookies are used by us in order to make our web and/or online platform more user-friendly. The following data is stored in technically essential cookies and transmitted to our systems:

 

  • language settings
  • information relating to the terminal device / PC used and its settings
  • log-in information

(ii) Analysis cookies (also so-called session cookies) are used by us in order to analyse the surfing behaviour of the users on our web and/or online platforms for the purpose of advertising and/or market research or for tailoring the design our platforms to the needs. The following data is collected via analysis cookies and transmitted to our systems:

 

  • search terms entered
  • frequency of site visits
  • use of website features

 

The user data collected in this manner is anonymised by technical means. It is then no longer possible to allocate the data to the accessing user.

 

(iii) Third-party providers' cookies are cookies provided not by our web servers, but by third-party providers. This includes, for example, integration of the "Like" button. When this button is clicked, Facebook places a cookie of its own onto the user's browser. We can never search for or evaluate third-party providers' cookies.

 

The third-party providers are solely responsible for the use of such cookies; we have no possibility of influencing the use or processing of such cookies; you can prevent the placement of third-party providers' cookies by taking the measure described in subsection VII.3 and Section VIII.

 

1. Purpose and legal basis

The purpose of using technically essential cookies is to simplify website usage for the users. Without the use of these cookies, it would not be possible to offer some of our website features. These features necessitate that the browser be recognised following a site change. We require technically essential cookies for the following applications:

 

  • adopting language settings
  • remembering search terms
  • log-in information

The user data collected by means of technically essential cookies is not used for creating user profiles. Article 6 (1), letter b GDPR forms the legal basis for the use of technically essential cookies insofar as the user is possibly personally identifiable, and such use is necessary for the purpose of providing our web and/or online platforms in the interest of the performance of a contract, otherwise Article 6 (1), letter f GDPR, as such use also takes place in order to protect legitimate interests for the purpose of providing web and/or online platforms.

 

The use of analysis cookies takes place for the purpose of improving the quality of our website and its content. As a result of analysis cookies, we learn how the website is used, which thus enables us to continually optimise our platform (see above). Insofar as the user is possibly personally identifiable, Article 6 (1), letter a GDPR forms the legal basis for the processing of personal data using analysis cookies, if the user has given its consent. If analysis cookies are used for the creation of pseudonymous evaluations, Article 6 (1), letter f GDPR (protection of legitimate interests) or Section 15 (3) Telemediengesetz (TMG) forms the legal basis.

 

2. Data deletion and storage period

Cookies are deposited onto the respective terminal device of the user (smart device / PC) and transmitted to our websites from there. A distinction is made between so-called permanent cookies and session cookies. Session cookies are stored during the duration of a browser session and deleted when the browser is closed. Permanent cookies are not deleted when the respective browser session ends, but are stored on the user's terminal device for a longer period.

 

3. Opt-out and removal option

When accessing our websites, users are, by means of an info banner, informed of the use of cookies and referred to this Data Privacy Statement. In the process thereof, the user's consent to the processing of its personal data used in this connection is also obtained via the banner.

 

As a user, you have full control over the use and storage of cookies. By changing the settings in your Internet browser, you can generally deactivate or limit the transfer of cookies. You can at any time delete cookies already stored. This can also take place in an automated manner. If cookies are deactivated for our website, it may no longer be possible to fully use all the website features. Further information on the use of cookies can be found at http://www.meine-cookies.org/ or youronlinechoices.com.

 

You may at any time, with effect for the future, opt out of the use of cookies for the creation of pseudonymous user profiles (see above in the case of analysis cookies; you may exercise your opt-out right via the info banner or via your browsers' setting options.

Contact Form and Email Contact

Our website contains a contact form that the user can use to electronically contact us. If the user makes use of this option, the data entered in the input mask is transmitted to us and stored. These details are:

 

  • company name*
  • fleet size
  • first name*
  • surname*
  • availability times
  • telephone number*
  • email*
  • field for notifications*
  • post code*
  • country

*Mandatory details needed for the purpose of registration are marked as a mandatory field by means of an asterisk (also in the input mask).

 

When a message is sent, the following data is additionally processed and stored:

 

  • the user's IP address
  • the date and time of sending

Alternatively, it is possible to contact us via the email address given on our website. In this case, the user's personal data transmitted by email will be stored. In no event will the data be passed on to third parties, unless we need to fall back on third parties for handling the enquiry.

 

1. Purpose and legal basis

The data will be processed exclusively for the purpose of handling the respective enquiry or the respective user request. The other data collected during the transmission process will serve to prevent misuse of the contact form and safeguard the security of our IT systems.

 

Insofar as data processing takes place for the purpose of fulfilling a customer order or a customer enquiry, Article 6 (1), letter b GDPR forms the legal basis for the processing of the data, regardless of whether we are contacted via the contact form or by email. If the user has given its consent, Article 6 (1), letter a GDPR forms the legal basis for the processing. Article 6 (1) f GDPR forms the legal basis for the collection of additional data during the transmission process; the legitimate interest lies here in the prevention of misuse and the safeguarding of system security (cf. subsection VI.1).

 

2. Data deletion and storage period

In principle, the data will be deleted as soon as it is no longer needed for attaining the purpose for which it was collected. In respect of the personal data from the input mask on the contact form, and the personal data sent by email, this will be the case when the respective communication with the user has ended, and/or the user's enquiry has been definitively answered. The communication will be deemed ended, or the enquiry definitively answered, if it is evident from the circumstances that the matter concerned has been definitively cleared up. Instead of being deleted, the data will be stored and blocked insofar as continued storage of the data is necessary for the reasons specified in subsection III.4.

 

The personal data additionally collected during the transmission process will likewise be deleted as soon as it is no longer needed for attaining the purpose for which it was collected.

 

3. Opt-out and removal option

The user has the option of at any time discontinuing the communication with us and/or withdrawing its enquiry and opting out of corresponding use of its data. In such case, continued communication will not be possible. All personal data stored in the course of contact with the user will, in this case, be deleted, except where storage of the data continues for the reasons specified in subsection IV.6.

Rights of the Data Subject

Under the GDPR, the user is, in particular, entitled to the following rights as the data subject:

 

1. Right to information (Article 15 GDPR)

You have the right to request information on whether or not we process personal data concerning you. If our company processes personal data concerning you, you are entitled to information on

 

  • the purposes for which the data is processed;
  • the categories of personal data (type of data) processed;
  • the recipients, or categories of recipients, to whom your data has been disclosed or is yet to be disclosed; this particularly applies, if data has been disclosed, or is to be disclosed, to recipients in third countries outside of the application of the GDPR;
  • the planned storage period, insofar as possible; if it is not possible to specify the storage period, the criteria for defining the storage period (e.g. statutory retention periods or the like) will in any case be communicated;
  • your right to correction and deletion of the data concerning you, including the right to have processing restricted and/or the option of opting out (see also the following subsections in this respect);
  • the existence of a right to complain to a supervisory authority;
  • the origin of the data in the case of personal data not collected directly from you.

Furthermore, you are entitled to information on whether your personal data is the subject-matter of an automated decision as defined by Article 22 GDPR, and, if so, what decision-making criteria are taken as a basis for such automated decision (logic), and what effects and implications this automated decision could have for you.

If personal data is transmitted to a third country outside of the scope of application of the GDPR, you are entitled to information on whether and, if so, under what guarantees an adequate level of protection, within the meaning of Articles 45 and 46 GDPR, has been safeguarded at the data recipient in the third country.

You have the right to demand a copy of your personal data. In principle, data copies will be made available by us in electronic form, unless you have specified otherwise. The first copy will be free of charge; an appropriate fee may be requested for further copies. The data requested will be provided only insofar as no rights or freedoms of other persons could be impaired as a result of the sending of a copy of this data.

 

2. Right to correction (Article 16 GDPR)

You have the right to request that we correct your data insofar as your data is incorrect, inapplicable and/or incomplete; this right to correction includes the right to make your data complete by means of supplementary statements or notifications. Correction and/or supplementation will take place promptly, i.e. without culpable delay.

 

3. Right to deletion (Article 17 GDPR)

You have the right to demand that we delete your personal data insofar as

 

  • your personal data is no longer needed for the purposes for which it was collected and processed;
  • the data is being processed on the basis of consent given by you, and you have revoked your consent, unless there is some other legal basis for processing the data;
  • you have opted out of data processing in accordance with Article 21 GDPR, and no overriding legitimate reasons for continued processing exist;
  • you have opted out of data processing for the purpose of direct advertising in accordance with Article 21 (2) GDPR;
  • your personal data has been processed unlawfully;
  • the data concerned is a child's data collected in connection with information society services in accordance with Article 8 (1) GDPR.

 

No right to delete personal data exists insofar as

 

  • the right to freely express an opinion, or the right to information, conflicts with the request for deletion;
  • the processing of personal data is (i) necessary for compliance with a legal obligation (e.g. statutory retention duties), (ii) for the performance of public tasks, or the protection of public interests, under European Union law and/or the law of its Member States (this includes interests in the field of public health) or (iii) for archiving and/or research purposes;
  • the personal data is necessary for asserting, exercising or defending legal claims.

Deletion will take place promptly, i.e. without culpable delay. If we have made personal data public (e.g. on the Internet), we shall, insofar as this is technically possible and can be reasonably expected, ensure that third-party data processors are also informed of the deletion request, including the deletion of links, copies and/or replications.

 

4. Right to restriction of processing (Article 18 GDPR)

You have the right to have the processing of your personal data restricted in the following cases:

 

  • If you have disputed the accuracy of your personal data, you may request of us that, whilst the accuracy is being checked, your data not be used for other purposes and be restricted in this respect.
  • If your data is unlawfully processed, you may request that, instead of your data being deleted in accordance with Article 17 (1), letter d GDPR, use of your data be restricted in accordance with Article 18 GDPR.
  • If you need your personal data for asserting, exercising or defending legal claims, but your personal data is otherwise no longer needed, you may request that we limit processing to the aforementioned legal defence purposes.
  • If you have opted out of data processing in accordance with Article 21 (1) GDPR, and it has not yet been established whether our interests in processing outweigh your interests, you may request that, whilst this is being checked, your data not be used for other purposes and be restricted in this respect.

 

Personal data whose processing has been restricted at your request will, except for storage, be processed only (i) with your consent, (ii) for asserting, exercising or defending legal claims, (iii) for protecting the rights of other natural persons or legal entities or (iv) for reasons of important public interest. If a processing restriction is lifted, you will be informed thereof.

 

5. Right to data portability (Article 20 GDPR)

Subject to the following provisions, you have the right to request that the data concerning you be surrendered in a commonly used electronic, machine-readable data format. The right to data transfer includes the right to transmit the data to another data controller. On request, we shall therefore - insofar as technically possible - transmit data directly to a data controller designated, or yet to be designated, by you. The right to data transfer applies only to data provided by you and requires that the processing take place on the basis of consent or for the implementation of a contract and be carried out with the aid of automated procedures. The right to data transfer under Article 20 GDPR does not affect the right to data deletion under Article 17 GDPR. The data will be transferred only insofar as no rights or freedoms of other persons could be impaired as a result of the data transfer.

 

6. Right to opt out (Article 21 GDPR)

If personal data is processed for the performance of tasks that are in the public interest (Article 6 (1), letter e GDPR) or for the protection of legitimate interests (Article 6 (1), letter f GDPR), you may at any time, with effect for the future, opt out of the processing of personal data concerning you. If you exercise your right to opt out, we shall refrain from all further processing of your data for the aforementioned purposes, unless

 

the reasons for processing are compelling and worthy of protection and outweigh your interests, rights and freedoms, or

processing is necessary for asserting, exercising or defending legal claims.

You may at any time, with effect for the future, opt out of having your data used for the purpose of direct advertising; this also applies to profiling, insofar as it relates to direct advertising. If you exercise your right to opt out, we shall refrain from all further processing of your data for the purpose of direct advertising.

 

7. Prohibition of automated decisions / Profiling (Article 22 GDPR)

Decisions that entail a legal consequence for you or materially impair you will not be based exclusively on automated processing of personal data, including profiling. This will not apply insofar as such automated decision

 

is necessary for the conclusion or performance of a contract with you;

  • is permissible under legal provisions of the European Union or its Member States, insofar as these legal provisions contain appropriate measures for protecting your rights, freedoms and legitimate interests, or
  • is made with your express consent.

 

In principle, decisions based exclusively on automated processing of particular categories of personal data are impermissible, unless Article 22 (4) in conjunction with Article 9 (2), letter a or letter g GDPR apply, and appropriate measures for protecting your rights, freedoms and legitimate interests have been taken.

 

8. Legal protection options / Right to complain to the supervisory authority

If you have any complaints, you may at any time turn to the relevant supervisory authority of the European Union or its Member States. For our company, the supervisory authority specified in Section II is the relevant supervisory authority.