Data protection at a glance
General notes and mandatory information
The use of our website is usually possible without providing personal data.
Insofar as personal data is collected when visiting our websites, we process it exclusively in accordance with the German Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG).
We point out that in the context of data transmission via the Internet security gaps may occur, which can not be prevented even by the technical design of this website. Complete protection of personal data is not possible when using the Internet.
Data collection on our website
Who is responsible for the data collection on this website?
Data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.
How do we collect your data?
On the one hand, your data is collected by you providing it to us. This may be, for example, data that you enter in a contact form.
Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.
In order to assess the risk of concluding a contract, it is possible that we send your personal data to a credit agency or request information about you there. This transfer is permitted pursuant to Art. 6 para. 1f DS-GVO is permissible because we pursue legitimate interests by limiting the economic risk. The credit reporting agencies evaluate the information collected from us and others and provide us with an assessment of the risk of default on a case-by-case basis. Possible partners of this data exchange are:
SCHUFA Holding AG
P.O. Box 10 34 41
Data protection information:
Infoscore Forderungsmanagement GmbH
Gütersloher Straße 123
Data protection information:
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have a right to request the correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time at the address given in the imprint. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
Third-party analytics and tools
Note on the responsible entity
The responsible party for data processing on this website is:
Represented by: Reiner Westhoff, Thorsten Müller-Schmetz
CONTURA MTC Ltd.
Phone: 02373 – 39646-50
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
Data Protection Officer
We have appointed as data protection officer:
Mr. Dipl.-Inform. Olaf Tenti
GDI Gesellschaft für Datenschutz und Informationssicherheit mbH
58095 Hagen (NRW)
Phone: +49 (0)2331/356832-0
Server log files
Our website is operated on servers from domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany
We have concluded an order processing agreement with domainfactory GmbH Dienstleister.
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address (in anonymized form)
The duration of storage: Web server logfile Contains: Domain, IP, requests, user agent, timestamp, status code Retention time: 3 days.
SSH Logfile Contains: SSH user, IP Retention time: 3 days
The data collected is used to ensure the trouble-free operation of the website as well as to ensure IT security and to improve our offer. If there are concrete indications, the log data may be analyzed subsequently.
This data is not merged with other data sources.
The basis for the data processing is Art. 6 para. 1 lit. f GDPR
Our legitimate interest results from the aforementioned purposes.
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility for you to object.
In addition to the previously mentioned data, cookies are used on your computer when you use and visit our website.
Cookies are small text files that are placed on your terminal device by your browser to store certain information. Furthermore, these cookies are used to make the use of our offer more pleasant and comfortable for you or for analytical purposes.
Most of the cookies we use are so-called “session cookies”. They are used to make the services of our website technically available to you. After your visit, these cookies are automatically deleted from your browser.
Other cookies remain on your computer and cause us to recognize your terminal device on your next visit (so-called persistent or permanent cookies).
The next time you visit our website with the same terminal device, the information stored in cookies is read either by our website (“first party cookie”) or by another website to which the cookie belongs (“third party cookie”).
These cookies are automatically deleted from your system after a preset period of time, which differs depending on the cookie.
Through the stored and returned information, the respective website recognizes that you have already called up and visited it with the browser of your end device.
We use this information to optimally design and display the website according to your preferences. Only the cookie itself is identified on your terminal device.
Any further storage of personal data will only take place with your express consent or if this is absolutely necessary in order to be able to use the service offered and accessed by you accordingly.
This website uses the following types of cookies, the scope and functionality of which are explained below:
– Essential cookies: Essential cookies ensure functions without which you cannot use our websites as intended. These cookies are used exclusively by us and serve, for example, to ensure that you, as a logged-in user, always remain logged in when accessing various sub-pages of our website and thus do not have to re-enter your login data each time you call up a new page. The legal basis for the use is our legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f GDPR.
– Functional cookies: Enable our website to store information you have already provided and offer you improved functions based on this information. The legal basis for the use of these cookies is your consent according to. Art. 6 par. 1 p. 1 lit. a GDPR.
– Marketing or tracking cookies: these cookies are used to collect information about the websites visited by the user, to create targeted and more effective advertisements for the user, and to allow us to identify the interests of website visitors in order to make our website more interesting in the future.
Marketing and/or tracking cookies are only set after your active consent.
The legal basis for data processing here is Art. 6 para. 1 p. 1 lit. a GDPR.
Opt-out for marketing cookies
You may also choose to accept cookies used for online advertising through tools developed in many countries as part of self-regulatory programs, such as the U.S.-based
or the EU-based
You can revoke this consent to the cookies at any time with effect for the future here.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, e.g. third-party cookies (cookies that are set by a third party, i.e. not by the actual Internet site on which you are currently located), exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser. You can delete stored cookies at any time using your web browser.
You have the option to generally deactivate cookies in your browser at any time.
However, when cookies are disabled, the functionality of this website may be limited.
Cookies are stored on your terminal device until you delete these cookies, which is possible at any time. Furthermore, expired cookies are automatically deleted by your browser if you have set up your browser accordingly. Expired cookies are no longer sent to our servers by your browser and can therefore no longer be used by us.
Here you can find information on how to delete cookies from your browser and manage cookie settings for the most popular browsers:
Desktop PC / Laptop
– Microsoft Edge
– Mozilla Firefox
– Apple Safari
– Google Chrome
– Google Chrome (Android)
– Google Chrome (iOS)
– Apple Safari (iOS)
– Samsung Internet (Android)
– Mozilla Firefox (Android)
If you have not made or do not make any deviating settings, cookies that enable or are intended to ensure the required technical functions remain on your terminal device until you close the browser; other cookies may remain on your terminal device for longer (maximum 6 months).
To safeguard your privacy, you should regularly check the cookies on your respective terminal device as well as your browsing history and delete them on your own.
Local Storage Cookies
In addition, we also use so-called LocalStorage as well as Session Storage technology (also called “Local Data” and “Local Storage” as well as “Session Storage”), which means that we use the storage capacity of your browser.
With LocalStorage, data is stored locally in your browser’s cache, which persists and can be read even after you close the browser window or quit the program, unless you actively clear the cache.
Local Storage allows your preferences when using our websites to be stored on your computer and used by you.
The function of Session Storage corresponds in content to the LocalStorage described, except that the corresponding data is automatically removed from your browser’s cache immediately after the browser is closed (“session”).
Third parties cannot access the data stored in LocalStorage and Session Storage. They will not be passed on to third parties and will not be used for advertising purposes. In particular, this technology is used to be able to present our content to you in an appealing graphical presentation (e.g. pop-ups, etc.) as well as to personalize our offer and the navigation on our pages for you.
The data is not merged with other data (e.g. information from tracking tools, which are also stored separately in LocalStorage).
The LocalStorage also stores certain information and input to the tracking tools for transmission and analysis. This data is only used to analyze and evaluate the surfing behavior of visitors. The data stored in LocalStorage will not be used for advertising purposes.
Insofar as the use of this technology is necessary for the operation of the website, the processing is carried out on the basis of our legitimate interest in being able to provide you with an attractive, fully functional offer, on the basis of Article 6 para 1 sentence 1 lit. f DSGVO, otherwise based on your consent pursuant to. Art. 6 par. 1 p. 1 lit. a GDPR.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses an SSL or SSL protocol. TLS encryption. You can recognize an encrypted connection by the fact that the browser address bar changes from “http://” to “https://” and by the lock symbol in your browser bar.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Contact options-e-mail, form and customer satisfaction survey.
On our website there is the possibility to contact us by e-mail and via a customer form. In this context, your information from the e-mail or from the form, including the contact data you provide there, will be stored and processed by us for the purpose of processing the request and in case of follow-up questions. This data (e.g. name, address, telephone number, e-mail address, IP address) will not be passed on to third parties without your consent.
The data is not merged with other data collected on this website.
The data may be stored as part of customer relations management (CRM) if you are already a customer of our company.
The form is sent encrypted using TLS technology. Encryption is used to prevent unauthorized access to your personal data by third parties.
The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, provided that your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO).
The data you provide will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.
Transfer of data to third countries
We use various service providers on our website who provide us with different technologies and tools. Some of these service providers transfer personal data to countries outside the European Union or the European Economic Area that do not have an adequate level of data protection or a level of data protection that is fundamentally equivalent to European data protection law.
These countries include, in particular, the United States of America (USA). The associated transfer of personal data must be permissible pursuant to Art. 44 et seq. DSGVO must be permissible.
The European Court of Justice (ECJ) ruled in July 2020 that the Privacy Shield agreement between the EU and the USA (EU-US Privacy Shield) can no longer be used to transfer personal data to the USA. That is, the original existing adequacy decision has been rescinded.
We have therefore concluded the standard data protection clauses issued by the EU Commission, which remain valid, with these service providers affected by this regulation.
Where possible, we also agree on additional guarantees to ensure that sufficient data protection is guaranteed in the USA or other third countries.
Insofar as a service provider maintains so-called approved rules of conduct (Binding Corporate Rules, BCR), which ensure that European data protection standards are complied with in the company, we do not agree on separate standard contractual clauses with the service providers subject to the respective BCR.
Nevertheless, it may happen that despite contractual and technical protection measures, the level of data protection in the third country does not correspond to that in the EU. For these cases, we ask you, in the context of cookie consent, in (contact) forms or other registrations and logins for your consent according to. Art. 49 par. 1 lit. a GDPR for the transfer of personal data to a third country. This relates in particular to the transfer of data to the USA. There, authorities and intelligence agencies such as the National Security Agency (NSA) may have access rights and read capabilities with respect to personal data without us as a data exporter or you as a data subject being aware of this and without any effective legal means being available to prevent or take action against such access.
However, some of our service providers are committed to exercising and exhausting their legal remedies under U.S. law against any government access to your data. Some of them additionally publish transparency reports listing – as far as legally possible – regulatory inquiries and responses.
Information about Google services
We use various services of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland on our website.
As a result, Google may receive information from you. It cannot be ruled out that Google also transmits the information to a server in a third country.
We have concluded an order processing agreement with Google for the transfer of personal data. If data is transferred to the USA or other third countries in which an adequate level of data protection cannot be guaranteed, we have entered into EU standard data protection clauses with Google in accordance with the German Data Protection Act. Art. 46 DSGVO concluded.
Google has committed to comply with the Standard Contractual Clauses for the transfer of personal data to third countries under Directive 95/46/EC (SCC).
For more information, please visit:
We cannot influence which data Google actually collects and processes. Google states that, in principle, the following information (including personal data) may be processed, among others:
– Log data (especially the IP address)
– Site-related information
– Unique application numbers
– Cookies and similar technologies
If you are logged into your Google account, Google may associate the processed information with your account depending on your account settings. For further guidance on this from Google, please see
Plugins and tools
CDNJS – Cloudflare
The Content Delivery Network (CDN), as offered by the company Cloudflare, is a service with the help of which content of our online offer, in particular large media files, such as graphics or scripts can be delivered faster via regionally distributed and connected servers. Scaling storage and delivery capacity is made available via the CDN. This ensures optimum data throughput even at high peak loads.
Via Cloudflare, user requests on our website are initially routed via Cloudflare servers to the USA. Statistics are generated from these data streams. This allows potential threats to our website from malware to be detected at an early stage and optimizes the loading times of our website.
The legal basis for the use of Cloudflare is your consent according to. Art. 6 par. 1. p. 1 lit. a DSGVO, insofar as you give us your consent to this when you first call up the page.
From our side, there is also a legitimate interest pursuant to Art. Art. 6 par. 1 p. 1 lit. f DSGVO to use Cloudflare to optimize our online service and make it more secure. Nevertheless, we only use Cloudflare if you have given your consent.
We have concluded an order processing agreement with Cloudflare, according to which Cloudflare is authorized and obligated to evaluate the information obtained and to create statistical reports for us on the type and extent of website usage. These statistics enable us to continuously improve our services and to make our website more interesting and user-friendly for you as a user.
Cloudflare also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be accompanied by various risks to the lawfulness and security of data processing.
Since there is no EU Commission adequacy decision for the transfer of personal data to the USA, we have concluded standard data protection clauses with Cloudflare within the meaning of Art. 46 para. 2 lit. c DSGVO concluded.
Deletion: The acquired data is automatically deleted by Cloudflare after 4 hours.
Use of the Google Tag Manager
We use “Google Tag Manager” on our websites. The service is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
The Google Tag Manager provides a functionality that allows us to integrate additional services on our website easily, efficiently and dynamically. Code snippets can be more easily implemented in websites or apps. This allows us to quickly configure and customize services integrated via Google Tag Manager, so-called tags, without having to make technical changes to our website.
The functions of the tags are often used, for example, to analyze the online behavior of users (in general or on the site), to optimize marketing campaigns or to play out appropriate advertising. Services whose use you have already objected to, by the way, are not delivered to your browser by Google Tag Manager.
The Google Tag Manager does not collect any personal data and does not set any cookies itself. However, it can transmit cookies, because the tags used can set cookies. However, when the Google Tag Manager is called up, the IP address and the browser fingerprint (also called device fingerprinting or online fingerprinting) are transmitted to Google. This constitutes data processing within the meaning of Art. 4 No. 2 DSGVO.
Legal basis for the use of “Google Tag Manager” is your consent according to. Art. 6 par. 1 p. 1 lit. a DSGVO, insofar as you give us your consent to this when you first call up the page.
Google also processes data from you in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be accompanied by various risks to the lawfulness and security of data processing. As a basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Google uses so-called standard contractual clauses in accordance with the German Data Protection Act. Art. 46. par. 2 and 3 GDPR.
Standard contractual clauses are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA).
By entering into these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:
Data processing addendum
We have entered into the Google Ads Data Processing Terms with Google. These correspond to the standard contractual clauses and also apply to Google Tag Manager.
The Google Ads data processing terms and conditions can be found at.
The Google Tag Manager Terms of Service can be found at the following link:
This website uses the web analytics service “Google Analytics”, operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
IP anonymization is active on this website. By activating IP anonymization through the function -anonymizeIP on this website, your IP address will, however, be truncated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:
Google processes your personal data on our behalf. We have therefore, pursuant to Art. 28 para. 3 DSGVO, Google has concluded an order processing agreement with Google, in which Google undertakes to protect your personal data and not to disclose it to third parties for purposes other than those mentioned above.
The legal basis for the use of Google Analytics is your consent in accordance with. Art. 6 par. 1. p. 1 lit. a DSGVO, insofar as you give us your consent to this when you first call up the page.
As there is no EU Commission adequacy decision for the transfer of personal data to the USA, we have concluded standard data protection clauses with Google within the meaning of Art. 46 para. 2 lit. c DSGVO concluded.
You can revoke your consent to data processing and transfer at any time without giving reasons by sending a message to the specified contact details of our data protection officer, deleting the cookies in your browser or by clicking on the following link:
The lawfulness of data processing that has already taken place is not affected by the revocation of consent.
LinkedIn (company profile)
For recruitment purposes, we use the professional and career network “LinkedIn” and maintain a company profile there. LinkedIn is operated by LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 94085 USA, or if you have your registered office or place of residence in the EU, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).
Furthermore, we obtain a statistical evaluation from the collected data as to which groups of people are interested in our company website. Here, the data is processed in such an anonymized form that it is not possible to draw conclusions about individual persons for statistical evaluations, which may contain information about the approximate geographical location or the age group and other summarizing characteristics.
If you are asked by LinkedIn for consent (agreement) to data processing, e.g. by means of a checkbox, the legal basis for data processing is Art. 6 para. 1 p. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future, whereby you must contact LinkedIn for this purpose. Data processing carried out up to the time of revocation shall remain lawful.
Data processing is carried out on the basis of an agreement between jointly responsible parties pursuant to Art. 26 DSGVO, which you can view here:
Regardless of the internal responsibilities agreed between us and LinkedIn, you can contact us or our data protection officer as well as LinkedIn with all data protection-related inquiries.
Since there is no EU Commission adequacy decision for the transfer of personal data to the USA, we have concluded standard data protection clauses with LinkedIn within the meaning of Art. 46 para. 2 lit. c DSGVO concluded.
XING / Kununu – Profile
We operate websites on XING and Kununu to present our company. The provider of XING and Kununu is New Work SE, Dammtorstraße 30, 20354 Hamburg.
Our XING profile serves an active and contemporary approach to potential employees in a professional environment. On this page we also share information about our company, and in this way we present ourselves to the outside world. There we inform about our services, products, interesting special offers as well as about possibilities of employment in our company.
If you are asked by Xing for consent (agreement) to data processing, e.g. by means of a checkbox, the legal basis for data processing is Art. 6 para. 1 p. 1 lit. a GDPR.
Kununu primarily offers users the opportunity to make and view ratings of employers. At the same time, we use the online presence at kununu to provide information about our company, career opportunities, products and services.
Data processing takes place as joint processing. For content that they provide directly on the platform, i.e. comments, private messages or similar, New Work SE and we act as joint controllers pursuant to Art. 26 DSGVO.
The legal basis for the processing of data is your consent according to. Art. 6 par. 1 p. 1 lit. a Data Protection Regulation (DSGVO), insofar as you have granted it, and furthermore the protection of legitimate interests pursuant to §§ 3 and 4 of the Data Protection Act (DSGVO). Art. 6 par. 1 p. 1 lit. f GDPR. If you contact us, the legal basis may also be Art. 6 para. 1 p. 1 lit. b DSGVO (necessity for the implementation of pre-contractual measures).
The aforementioned legitimate interest is that we would like to communicate with you via our kununu page and inform you about our company, career opportunities and jobs, our products and services.
Since only New Work SE has information about the data actually collected and how it is used on the respective platforms, requests for information and the assertion of other data subject rights should be made directly there. Of course, you can also send us requests in this regard, we will forward them to the operator for further processing.
We only process data via the XING and Kununu platforms that you provide to us directly. These are comments, requests, your user profile, ratings and similar information. These remain for the duration of the existence of the performance.
Processing of the data we use takes place only in the territory of the EU or the EEA. A data transmission to third countries by us does not take place.
Data subject rights
Your rights and assertion of rights
You are entitled to the rights set out below. You can assert these against us. To enforce, please use the data above or contact us by email at: firstname.lastname@example.org
In accordance with Art. 15 DSGVO, you have the right to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
Pursuant to Art. 16 DSGVO, you have the right to request the correction of inaccurate or incomplete personal data stored by us without delay;
In accordance with Art. 17 DSGVO, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise or defense of legal claims;
Restriction of processing:
In accordance with Art. 18 DSGVO, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
In accordance with Art. 20 DSGVO, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
Revocation of your consent:
Pursuant to Art. 7 para. 3 DSGVO, you have the right to revoke your consent at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future.
Please address your revocation to the above data or by mail to:
Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1. p. 1 lit. e) or f) DSGVO; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and the controller, is permissible under Union or Member State law to which the controller is subject, and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or is made with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a) or g) DSGVO applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
Complaint to a supervisory authority:
You have the right to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
Status September 2022