Data protection
Find out more here about our privacy policy (Update: January 2024)
Privacy policy
This privacy policy provides information about which personal data we process in connection with our activities and operations on our piega.ch and piega.info websites. In particular, we provide information on why, how and where we process which personal data. We also provide information about the rights of persons whose data we process.
Further data protection declarations and other legal documents such as General Terms and Conditions (GTC), guarantee provisions, terms of use or conditions of participation may apply to individual or additional activities and operations.
We are subject to Swiss data protection law as well as any applicable foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
I. Name and address of the responsible person
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
PIEGA SA
Bahnhofstrasse 29
CH-8810 Horgen
Switzerland
Phone: +41 44 725 90 42
E-mail: mail@piega.ch
Website: https://www.piega.ch
If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either in whole or in respect of individual measures, you may address your objection to the above-mentioned responsible office.
You can save and print this privacy policy at any time.
II. General information on data processing
Scope of the processing of personal data
We collect and process your personal data exclusively within the framework of the provisions of the Swiss Federal Act on Data Protection (FDPA) and the EU’s General Data Protection Regulation (GDPR).
As a matter of principle, we process personal data of our users only to the extent that this is necessary for the provision of a functional website as well as our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of personal data
The basis for the processing of personal data in Switzerland is Art. 4 et seq. of the DSG. Insofar as the processing falls under the scope of the GDPR, Art. 6 para. 1 lit. a – c GDPR forms the legal basis for processing operations of personal data.
If the processing is necessary to protect a legitimate interest of our company or a third-party and the interests and fundamental rights of the users do not outweigh the former interest, Art. 13 DSG or Art. 6 para. 1 f GDPR serves as the legal basis.
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a EU Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil of a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third-party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.
Data collection and processing:
The information we collect includes, for example, your name and contact details (such as address, email address and telephone number), nationality, areas of interest, professional background and any information from our correspondence, contacts and interactions with you. We also process information that is disclosed or collected by us as part of our services. In exceptional cases, this information may also include particularly sensitive personal data. If your consent is required for the processing of such sensitive personal data, we will obtain this in advance.
Data procurement methods
The sources from which the data originate are diverse and can be summarized as follows:
- Personal data: Some of the data is provided to us by you or the data subjects themselves when you or they contact us by e-mail or telephone, fill in the contact form on our website (if available) and enquire about our services.
- Website visitors: Certain data is collected automatically when you visit our website (see below).
Third party sources: We may also obtain data from third-party providers to supplement our data records.This includes data provided to us by public authorities, your employer and other third parties.
Purposes of data processing
Provision of our services: We use your data primarily to provide our services to you. We also use your data to inform you about services or products that may be of interest (insofar as the data is used for marketing purposes).
Data collection on this website:
-
- Log files (see III. Provision of the website and creation of log files)
- Registration for a newsletter: You have the option of subscribing to our newsletter on our website. The information you provide us with, in particular your e-mail address and your name, can be used to regularly send you our newsletter. You can unsubscribe from the newsletter at any time, either via the corresponding link in the newsletter itself or by informing us directly.
- Cookies (see IV. Use of cookies)
- Social media: This website may contain buttons (also known as “social media plugins”) that connect to the servers of social networks (such as Facebook, Twitter, Instagram, etc.). If you click on one of these buttons, you agree that certain required data, including your IP address, your website visits and other relevant information, will be transmitted to the respective operator of the social network.
- Security precautions: We process personal data to ensure and continuously improve the appropriate security of our information technology.
- Job application: If you apply for a job with us, we collect and process your data with the aim of reviewing your application and carrying out the entire application process. If your application is successful, we will also process your data to prepare and conclude a corresponding contract. In addition to your contact details and the information from our communication, the details in your application documents are also recorded. Furthermore, we may obtain additional information about you from job-related social networks, the Internet and, if you give your consent, from references.
We have a legitimate interest in processing your data for the purposes mentioned. Some processing is also necessary so that we can fulfill our contractual obligations towards you or our legal obligations (e.g. retention obligations).
Data sharing
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal information with third parties if:
(1) you have given your express consent to this in accordance with Art. 6 (1) p. 1 lit. a GDPR,
(2) the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and there is no reason to believe otherwise,
that you have an overriding interest worthy of protection in the non-disclosure of your data,
(3) in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) sentence 1 lit. c GDPR, as well as
(4) this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b GDPR for the processing of contractual relationships with you.
Data deletion and storage duration
The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Data security
We make maximum efforts to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
To protect your data, we maintain technical and organizational security measures, which we constantly adapt to the state of the art.
We also do not guarantee that our offer will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are regularly backed up according to the state of the art.
III. Provision of the website and creation of log files
Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
(1) Information about the browser type and version used.
(2) The operating system of the user
(3) The Internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system accesses our website (“referrer”)
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
IV. Cookies use
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
For example, we use so-called session cookies to recognize that you have already visited individual pages of our website.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
In these purposes also lies our legitimate interest in the processing of personal data according to Art. 6 para. 1 lit. f GDPR.
Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
Session cookies are automatically deleted after you leave our website.
V. Analysis tools
With the help of external analysis tools, we want to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use them to statistically record the use of our website and evaluate it for the purpose of optimizing our offer. The legal basis for data processing in terms of these legitimate interests is Art. 6 para. 1 p. 1 lit. f GDPR
Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc. https://www.google.de/intl/de/about/; address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site by creating pseudonymous user profiles.
The information generated by the cookie about your use of this website like
(1) Browser type/version,
(2) Operating system used,
(3) Referrer URL (the previously visited page),
(4) Host name of the accessing computer (IP address),
(5) Time of the server request,
are transferred to a Google server.
However, by activating IP anonymization on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click this link again): Google Analytics deactivate
We have set our GoogleAnalytics settings so that personal data, i.e. user or event data linked to cookies, user IDs or advertising IDs, should be automatically deleted by Google after what is currently the shortest possible period of 14 months.
To ensure that your data is also protected by this external provider, we have also concluded an order data processing agreement with Google.
Further information and the applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. More information about Google Analytics can be found at this link https://www.google.com/intl/de_de/analytics/.
Facebook Remarketing
This website uses the remarketing function “Custom Audiences” of Facebook Inc. (“Facebook”, headquarters: 1 Hacker Way, 94025 Menlo Park, CA, USA; for users within the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This function is used to present interest-based advertisements (“Facebook Ads”) to visitors of this website when visiting the social network Facebook. For this purpose, the remarketing tag (pixel) of Facebook has been implemented on this website. Via this tag, a direct connection to the Facebook servers is established when visiting the website. In doing so, it is transmitted to the Facebook server that you have visited this website and Facebook assigns this information to your personal Facebook user account. For us as the website operator, the data collected in this way is anonymous. For more information on the collection and use of data by Facebook, as well as your rights in this regard and options for protecting your privacy, please refer to Facebook’s privacy policy at https://www.facebook.com/about/privacy/. Further information on the purpose and deletion periods can also be found in our Cookie Statement. You can consent to the processing and revoke your consent at any time. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.
Hotjar
This website uses Hotjar to better understand the needs of our users and to optimize the offering and experience on this website. Using Hotjar’s technology, we get a better understanding of our users’ experiences (e.g., how much time users spend on which pages, which links they click, what they like and dislike, etc.) and this helps us tailor our offerings to our users’ feedback. Hotjar works with cookies and other technologies to collect data about our users’ behavior and about their devices, in particular IP address of the device (collected and stored only in anonymized form during your website use), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), language preferred to view our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
The information is neither used by Hotjar nor by us to identify individual users or merged with other data about individual users, your data will be deleted after 1 year at the latest. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. For more information, please see Hotjar’s privacy policy: https://www.hotjar.com/legal/policies/privacy
VI. Embedded YouTube videos
We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website.
The following data will be transmitted
- evice-specific information, such as the hardware used; the version of the operating system; unique device identifier; and information about the mobile network, including your phone number.
- Log data in the form of server logs. These include, but are not limited to, details of how the services were used, for example, search queries; IP address; hardware settings; browser type; browser language; date and time of your request; originating page; cookies that uniquely identify your browser or Google accountD
- Location-based information. Information about your actual location may be collected by Google. This includes, for example, your IP address, your WLAN access points or mobile phone masts
- For more information about the data collected by Google LCC, please see the following link: https://policies.google.com/privacy?hl=de&gl=de
This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account.
The legal basis for the processing of the users’ personal data is Art. 6 para. 1 p.1 lit. f) GDPR.
YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button.
You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
For more information on the purpose and scope of data collection and processing by YouTube, please see the privacy policy. There you will also find further information about your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.
VII. Newsletter processing via Mailchimp
We use the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on MailChimp’s servers in the USA.
MailChimp has a certification according to the “EU-US Privacy Shield”.
With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to MailChimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you do not want any analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website.
The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remains unaffected by this.
For more details, please refer to MailChimp’s privacy policy at: https://mailchimp.com/legal/terms/.
We have concluded a so-called “Data-Processing-Agreement” with MailChimp, in which we oblige MailChimp to protect the data of our customers and not to pass them on to third parties. This agreement can be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.
VIII. WordPress
Our website is based on the WordPress platform, a content management system developed by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. WordPress enables us to create, manage and publish content.
When you use our website, which is based on WordPress, various data, including your IP address, date and time of access and information about the browser you are using, may be collected and stored. This data is mainly used for administrative purposes and to ensure the smooth operation of the website.
Some WordPress functions, such as comments or contact forms, may collect additional personal data when you use them.
IX. Google Maps
On our website we use Google Maps, a map service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Maps enables us to integrate interactive maps directly into the website and allows you to conveniently use the map function, for example to search for a location or to plan your route.
When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, further data, in particular your IP address, is transmitted to Google and stored on Google servers. These servers may be located in the USA or other countries. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists.
Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising.
You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
X. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights in relation to the controller:
Right to information
You may request confirmation from the controller as to whether personal data concerning you is being processed by us.
If there is such processing, you can request information from the controller about the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage duration;
(5) the existence of a right to rectify or erase the personal data concerning you, a right to have the controller restrict the processing, or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
Right to rectification
You have a right to rectification and/or completion in relation to the controller, insofar as the processed personal data concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims; or
(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the controller’s legitimate grounds override your grounds.
Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
Right to deletion
Obligation to delete
You may request the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete such data without undue delay, if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a GDPR and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.
Exceptions
The right to erasure does not exist insofar as the processing is necessary to
(1) to exercise the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
(5) to assert, exercise or defend legal claims.
Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the data controller.
Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
(1) the processing is based on consent pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant to Art. 6 Para. 1 lit. b GDPR and
(2) the processing is carried out with the aid of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.
Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2) is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
(3) is done with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms of, and the legitimate interests of, the data subject, which shall include, at least, the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
XI. Foreign language pages
As far as parts of the website are also offered in languages other than German, this is exclusively a service for our customers, prospects and employees who are not proficient in the German language.