The contents of LIMENDO MENU are offered in different languages for your convenience. However, only the German text version is authoritative for your contractual relationship with us.
in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Basic Data Protection Regulation, hereinafter referred to as “DPA”) and with the provisions of Legislative Decree No. 196/2003 (as amended by Legislative Decree no. 101/2018), we, Limendo Consulting vereinfachte GmbH with sole shareholder (hereinafter also referred to as “Limendo Consulting”; this company is also meant when the terms “we” or “us” are used in the following), communicate the following information to you (the user):
1. GENERAL INFORMATION – SCOPE OF APPLICATION
“Limendo Menu” is an offer provided under the Internet domain https://menu.limendo.com and via mobile applications (apps for Android and IOS) by Limendo Consulting vereinfachte GmbH with sole shareholder. The provisions of this data protection declaration apply to all our business areas and refer in particular to the following services and performances:
This data protection declaration does not refer to other websites or services which may be linked to “Limendo Menu”.
You are advised to read this data protection declaration carefully before using our services and performances or before you register with “Limendo Menu”, create a user account or enter your personal data in our online forms.
2. NAME AND ADDRESS OF THE RESPONSIBLE PERSON
The person responsible in the sense of the DSGVO and other national data protection laws of the member states as well as other data protection regulations is Limendo Consulting vereinfachte GmbH with sole shareholder, with headquarters in Kapuzinerstraße 5, 39011 Lana (BZ), e-mail: email@example.com, in the person of the legal representative Mr. dott. Hannes Lösch. The responsible person is also responsible for the processing of personal data.
3. GENERAL INFORMATION ON DATA PROCESSING
A. Purpose and scope of data processing
As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services.
The processing of your personal data is essential for the provision of our website as well as our contents and services. The possible refusal to provide personal data has the consequence that the service requested by you cannot be provided correctly and you cannot use “Limendo Menu”.
The processing of personal data is carried out by automated systems and/or manually.
B. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a) DSGVO serves as the legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) FADP serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) DSGVO serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 (1) (f) FADP serves as the legal basis for the processing.
C. Storage period and deletion of data
In principle, your personal data will be stored until the end of the business relationship in the course of which your data is processed. In any case, your personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted if a storage period prescribed by the above-mentioned standards expires, unless there is a need for further storage of the data in order to conclude or fulfil a contract. Mandatory legal provisions – in particular retention periods – must be observed in any case.
4. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
Whenever our website is called up, our system automatically records certain data and information from the computer system of the calling computer (server log files). These are in particular and among others the following data:
– Date and time of the visit and the duration of use;
– the type of the user’s web browser;
– the operating system used;
– the domain name of your internet service provider and similar.
The data in question is information of a general nature, which does not allow any conclusions to be drawn about your person. This data is stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that allow the data to be assigned to a user. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f) DSGVO or Art. 6 para. 1 lit. b).
The processing of the information in question (which is mandatory when using the Internet) is necessary in order to correctly deliver the content you have requested from our website. The website log files are automatically deleted within 2 weeks. The IP is not stored and is not communicated to us by our server provider.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) DSGVO. Anonymous information of this kind is statistically evaluated by us in order to optimize our Internet presence and the technology behind it.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection on the part of the user.
5. REGISTRATION ON OUR WEBSITE
On our website you have the possibility to register by providing some personal data. The data will be entered into an input mask, transmitted to us and stored.
During registration, in particular and among other things, your name, e-mail address, IP address and the date and time of your registration are collected. Further information can be added optionally, such as your address, your contact and communication data as well as your telephone number or even your payment information. As an end user, you also have the opportunity to tell us your preferences regarding ingredients that you enjoy. You can “deselect” ingredients and these ingredients will not be displayed on our platform until you decide to “display” them again. You also have the possibility to “rank” ingredients (ranking from 1 to 10) in order to see the dishes that you like most. For payment information see point 8. We do not store your payment information directly, especially as we are not authorized to do so. You can change or delete this data at any time.
As part of the registration process, the user’s consent to the processing of the above-mentioned data is obtained. The legal basis for the processing of this data is Art. 6 para. 1 lit. a) DSGVO, if such consent is given by the user. You may revoke this consent at any time or directly modify this data independently. To revoke the consent, an informal notification by e-mail to us is sufficient. Revocation of consent does not affect the lawfulness of the processing that has taken place on the basis of the consent until revocation.
Please note that the registration of the user is necessary for the provision of certain contents and services of “Limendo Menu”. If you are registered with us, you can also access contents and services which we only offer to registered users. In this case your registration is necessary for the fulfilment of the contract or for the execution of pre-contractual measures. In this case, the additional legal basis for the processing of data is Art. 6 para. 1 lit. b) DSGVO.
Our website is hosted on a European server and the servers are certified according to DIN ISO/IEC 27001. SSL encryption: To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.
The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies. The latter is the case for data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations. Mandatory statutory provisions – in particular retention periods – shall remain unaffected in any case.
Registered users can change or delete the data provided during registration at any time. Of course, we will also provide you with information about the personal data we have stored about you at any time. We will also be pleased to correct or delete this data at your request, provided that there are no legal obligations to retain it. To contact us in this context, please use the contact data provided in this data protection declaration.
As an end user, you also have the possibility to cancel the registration at any time. You can have the data stored about you changed at any time. If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible, unless contractual or legal obligations prevent a deletion.
Cookies cannot be used to start programs or transfer viruses to a computer. We can use the information contained in cookies to make navigation easier for you and to enable our website to be displayed correctly. For this purpose, it is necessary that the calling browser can also be identified after a page change.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f) DSGVO, as we have a legitimate interest in the storage of cookies for the technically error-free and optimised provision of our services.
Please note that if you deactivate cookies for our website, it may not be possible to use all functions of our website to their full extent.
7. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES WITH REGARD TO TRANSACTIONS
“Limendo Menu” offers end users an information and transaction platform on the Internet and on an application basis, through which you can realize order processes and reservations and thus conclude binding contracts with various gastronomy or service companies (hereinafter referred to as COMPANY).
In order to fulfil the contract, we pass on the end user’s data to the gastronomy or service company commissioned with the order or reservation, as this is particularly necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we also pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the selected payment service for the purpose of processing payments (see also below under point 8.). In some cases, the selected payment service providers also collect this data themselves, if you open an account there. In this case you must log in to the payment service provider with your access data during the ordering process. In this respect the data protection declaration of the respective payment service provider applies.
In addition, your data may be passed on by the COMPANY to delivery services in order to fulfil the delivery.
The legal basis for the processing and transfer of data in this context is Art. 6 para. 1 lit. b) DSGVO, as this is necessary for the conclusion or performance of a contract in the interest of the data subject. We assume no responsibility for compliance with the DSGVO by third parties.
8. TRANSFER OF PERSONAL DATA TO THE PAYMENT SERVICE PROVIDER STRIPE INC.
In the backend of “Limendo Menu” we use for the processing of our transactions services of the payment service provider Stripe, Inc. a company founded according to the law of the State of Delaware (USA) with its registered office in 510 Townsend Street, San Francisco, CA 94103, USA (hereinafter also referred to as “Stripe”). The COMPANIES conclude their own agreement with Stripe in this respect and register directly with Stripe.
The legal basis for the processing and transfer of the data to Stripe is Art. 6 para. 1 letter b), as this is necessary for the fulfilment of a contract in the interest of the data subject.
Stripe is subject to the EU-US Privacy Shield Framework, the adequacy of which was confirmed with regard to the level of protection by implementing Commission Decision (EU) 2016/1250 of 12 July 2016.
9. TRANSFER OF PERSONAL DATA TO COMPANIES FOR MARKETING ACTIVITIES AND OFFERS
If you use “Limendo Menu”, you have the possibility to receive offers and information directly from COMPANIES registered with “Limendo Menu”. This takes place through your express consent within the framework of a transaction. If you so wish, we will pass on your name, address and e-mail address to the COMPANY for which you have given your consent. The processing or transfer of the data in question is thus based on your consent (Art. 6 para. 1 lit. a) DSGVO). You may revoke your consent at any time or independently modify the data concerned at any time. To revoke your consent, simply send us an informal e-mail. Revocation of consent does not affect the lawfulness of the processing or transfer of the data carried out on the basis of the consent until revocation. To contact us in this context, please use the contact data provided in this data protection declaration. Please note that you can no longer receive offers and information from gastronomy or service companies registered with “Limendo Menu” if you revoke your consent to the passing on of your data to third parties with regard to marketing activities.
On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask will be transmitted to us. The processing of your data serves to deliver the newsletter. Subscribers can also be informed by e-mail about circumstances that are relevant to the service or registration (for example changes to the newsletter offer or technical conditions).
For an effective registration we need a valid e-mail address. In order to verify that a registration is actually made by the owner of an e-mail address, we use the “double opt-in” procedure. For this purpose, we log the ordering of the newsletter, the sending of a confirmation e-mail and the receipt of the hereby requested answer.
Our website uses the service “MailChimp” of The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA, in the following briefly also “The Rocket Science Group LLC”) for the transmission or sending of the newsletter. For this purpose your personal data will be passed on to The Rocket Science Group LLC. The Rocket Science Group LLC is subject to the EU-US Privacy Shield Framework (EU-US Privacy Shield), the adequacy of which was confirmed with respect to the level of protection by implementing Commission Decision (EU) 2016/1250 of 12 July 2016.
The data collected by us in the course of registration and the sending of the newsletter will be deleted as soon as they are no longer required for the purpose of their collection. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.
11. CONTACT FORM AND E-MAIL CONTACT
If you contact us by e-mail or contact form, the information you provide will be transmitted and stored for the purpose of processing your enquiry and for possible follow-up questions. We use our own contact forms and store your inquiry directly with us.
For the transmission of contact forms on the website Newsletters use the service “MailChimp” of the company The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA, in the following briefly also “The Rocket Science Group LLC”. For this purpose your personal data will be passed on to The Rocket Science Group LLC. The Rocket Science Group LLC is subject to the EU-US Privacy Shield Framework (EU-US Privacy Shield), the adequacy of which was confirmed with respect to the level of protection by implementing Commission Decision (EU) 2016/1250 of 12 July 2016.
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data. The legal basis for the processing of data transmitted in the course of sending an e-mail is therefore Art. 6 para. 1 letter f) DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO.
In our contact forms you have the possibility to determine the extent to which you would like to be informed and contacted by us via various media. Your consent for the processing of your data will be obtained when you send the contact form and reference will be made to this data protection declaration. The processing of the data entered in a contact form is thus exclusively based on your consent (Art. 6 para. 1 lit. a) DSGVO). You can revoke your consent at any time. To revoke your consent, an informal notification by e-mail to us is sufficient. Revocation of consent does not affect the lawfulness of the processing that has taken place on the basis of the consent until revocation. Please note that the conversation cannot be continued if you revoke your consent. All personal data stored in the course of the contact will be deleted in this case.
The data you have entered into the contact form or transmitted by e-mail will be deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified. Mandatory legal provisions – in particular retention periods – remain unaffected in any case.
12. USE OF GOOGLE ANALYTICS
However, due to the activation of IP anonymisation on these websites, your IP address will be truncated by Google within Member States of the European Union or in other countries which are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. According to Google, the IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.
We use the “demographic characteristics” function of Google Analytics on our website. This allows us to create reports that contain statements about the age, gender and interests of the site visitors. This data comes from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be attributed to any specific person. You can disable this feature at any time by changing the ad settings in your Google Account, or generally prohibit Google Analytics from collecting your information as described in the “Opting out of data collection” section.
Google Analytics is used to improve the quality of our website and our services. By analysing user behaviour, we learn how our website and services are used and can thus constantly optimise our offer and advertising. This is also our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f) DSGVO.
You have the option of preventing the storage of cookies on your device by making appropriate settings in your browser. Please note that you will not be able to access all functions of our website without restrictions if your browser does not allow cookies.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by clicking on the following link https://tools.google.com/dlpage/gaoptout?hl=de and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=de: Browser add-on to deactivate Google Analytics.
In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link . This will install an opt-out cookie on your device. This will prevent Google Analytics from tracking this website and this browser in the future as long as the cookie remains installed in your browser.
13. USE OF SCRIPT LIBRARIES (GOOGLE WEBFONTS)
To display our content correctly and graphically appealing across browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts/). Google Web fonts are cached in your browser to avoid multiple loading. If the browser does not support Google Web Fonts or prevents access, content will be displayed in a default font.
We do not store data in connection with the use of script libraries.
The use of script libraries is based on Art. 6 para. 1 lit. f) DSGVO, because we have a legitimate interest in delivering our website with the correct web fonts, in order to be able to correctly and appropriately display and present our services and the brand “Limendo”.
14. USE OF GOOGLE MAPS
We use Google Maps API, a mapping service provided by Google LLC. as part of our services to visually display geographic information or to calculate your distance from your location to a supplier.
The legal basis of the processing in connection with the use of Google Maps is derived from Art. 6 para. 1 lit. f) DSGVO, as we have a legitimate interest in making available our benefit geographical information about our locations or calculating distances and this information for the easy findability of the locations indicated in the context of our services. We need this in particular to calculate the distance between you and the COMPANY in order to determine whether you are within the delivery area.
15. USE OF FACEBOOK WEBSITE CUSTOMER AUDIENCE & FACEBOOK CONVERSION PIXEL
If you wish to object to the use of Facebook website Custom Audiences, you can do so at https://www.facebook.com/ads/website_custom_audiences/.
The recipient of the data within the scope of using Facebook Website Custom Audiences services is Facebook. Facebook, Inc. is subject to the EU-US Privacy Shield Framework, the adequacy of which was confirmed in terms of the level of protection by Commission Implementing Decision (EU) 2016/1250 of 12 July 2016.
The processing of data in connection with the Facebook Website Customer Audiences services is based on Art. 6 para. 1 lit. f) DSGVO, as we have a legitimate interest in analysing user behaviour so that we can optimise our offer and advertising.
Facebook Website Customer Audiences is not used within the scope of our services at https://menu.limendo.com.
Conversion measurement with the conversion pixel of Facebook: We also use the “conversion pixel” or visitor action pixel of Facebook on our website at https://limendo.menu. By calling up this pixel from your browser, Facebook can subsequently recognize whether a Facebook advertisement was successful, e.g. whether it led to an online purchase transaction. We receive only statistical data from Facebook without reference to a specific person. This enables us to record the effectiveness of Facebook advertisements for statistical and market research purposes. In particular, if you are logged in to Facebook, we refer you to their privacy information https://www.facebook.com/about/privacy/.
Please go to www.facebook.com/settings?tab=ads if you wish to withdraw your consent to the “conversion” pixel.
The recipient of the “conversion” pixel or visitor action pixel in connection with the use of the “conversion” pixel is Facebook. Facebook, Inc. is subject to the EU-US Privacy Shield Framework (EU-US Privacy Shield), the adequacy of which was confirmed in terms of the level of protection by Commission Implementing Decision (EU) 2016/1250 of 12 July 2016.
The processing of data in connection with the use of the “conversion pixels” or visitor action pixels of Facebook is based on Art. 6 para. 1 lit. f) DSGVO, as we have a legitimate interest in the analysis of user behavior so that we can optimize our offer and our advertising.
Within the scope of our services at https://menu.limendoc.com the “conversion pixel” or visitor action pixel of Facebook is not used.
16. RIGHTS OF THE AFFECTED
If personal data is processed by you, you are a data subject within the meaning of the DSGVO and you are entitled to the following rights against the person responsible.
A. Right of access to information
You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.
If such processing has taken place, you can request information from the data controller about the following:
(1) the purposes for which the personal data are processed
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the envisaged duration of the storage of the personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage;
(5) the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information as to the source of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling in accordance with Art. 22 (1) and (4) DPA and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.
(9) You have the right to request information as to whether the personal data concerning you are being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DPA in connection with the transfer.
B. Right of rectification and/or completion
You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction without delay.
C. Right to limit processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
(1) if you dispute the accuracy of the personal data concerning you for a period which enables the controller to verify the accuracy of the personal data
(2) if the processing is unlawful and you object to the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of the processing, but you need the personal data for the purpose of asserting, exercising or defending legal claims; or
(4) if you have lodged an objection to the processing in accordance with Art. 21 para. 1 DPA and it has not yet been established whether the legitimate reasons given by the controller outweigh your reasons.
If the processing of personal data relating to you has been restricted, such data may be processed – apart from storage – only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
D. Right of cancellation
a) Duty to delete
You may request the controller to delete personal data concerning you without delay and the controller is obliged to delete such data without delay if one of the following reasons applies:
(1) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed
(2) you revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) DPA and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21(1) DPA and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) DPA.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you have been collected in relation to information society services offered, in accordance with Article 8(1) of the DPA.
(b) Information to third parties
If the controller has made public the personal data concerning you and is obliged to delete them pursuant to Art. 17 para. 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.
The right of cancellation does not exist insofar as the processing is necessary
(1 ) on the exercise of the right to freedom of expression and information;
(2) to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 DSGVO;
(4) for archival, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.
E. Right to information
If you have asserted the right to rectify, erase or limit the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the controller to be informed of these recipients.
F. Right to data transferability
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another person in charge without interference from the person in charge to whom the personal data has been made available, provided that:
(1) the processing is based on a consent pursuant to Art. 6 para. 1 letter a) DSGVO or Art. 9 para. 2 letter a) DSGVO or on a contract pursuant to Art. 6 para. 1 letter b) DSGVO and
(2) the processing is carried out by means of automated procedures.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data transferability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
G. Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to Article 6 paragraph 1 letter e) or f) FADP; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you, unless he can demonstrate compelling legitimate reasons for processing which outweigh your interests, rights and freedoms, or unless the processing is for the purpose of asserting, exercising or defending legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.
If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.
You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by using automated procedures involving technical specifications.
H. Right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.
I. Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision:
(1) is necessary for the conclusion or performance of a contract between you and the controller
(2) is authorised by Union law or the law of the Member States to which the person responsible is subject and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
(3) with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a) or g DSGVO applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the data controller shall take appropriate measures to protect the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the data controller, to present his or her point of view and to challenge the decision.
J. Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the DPA.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO.