Privacy Policy

I. Name and address of controller

Controller under the General Data Protection Regulation and other national data protection laws of the member states and other provisions of data protection law:

Ceyoniq Technology GmbH
Boulevard 9
33613 Bielefeld
Germany
Tel.: 0521/ 9318-1000
Email: info(at)ceyoniq.com
Website: www.ceyoniq.com

Contact details of Data Protection Officer:
Email: axel.veil@bfd.pm
Website: www.ceyoniq.com

II. General provisions on data processing

  1. Scope of processing of personal data
  2. Legal basis for the processing of personal data
  3. Data erasure and storage period
  4. Use of cookies and third-party resources
  5. Contact form, email contact
  6. Application form
  7. Event registration
  8. Download of information material
  9. LinkedIn lead generation
  10. Data protection information for interested parties (access via QR code or link)
  11. Rights of data subject
  12. Right to lodge a complaint with a supervisory authority
Cookie settings
  1. Scope of processing of personal data
    We only process our users’ personal data where this is required in order to provide a functional website as well as our content and services. Personal data on our users is usually only processed with the permission of the user. An exception applies in cases in which it is not possible to gain permission for practical reasons and the processing of the data is permitted by statutory provisions.
  1. Legal basis for the processing of personal data
    Where we obtain the permission of the data subject for the processing of personal data, Art. 6 Para. 1 Point a GDPR shall serve as the legal basis.
    Art. 6 Abs. 1 Point b GDPR shall serve as the legal basis for the processing of personal data that is required in order to fulfil a contract of which the data subject is a contractual party. 1 Point b GDPR shall serve as the legal basis This also applies to processing that is required in order to conduct pre-contractual measures.
    Where processing of personal data is required in order to fulfil a statutory obligation to which our company is subject, Art. 6 Para 1 Point c GDPR shall serve as the legal basis
    Where vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 Para. 1 Point d GDPR shall serve as the legal basis.
    Where processing is required in order to safeguard a legitimate interest of our company or a third party, and the interests, basic rights and basic freedoms of the data subject do not outweigh the aforementioned interest, Art. 6 Para. 1 Point f GDPR shall serve as the legal basis for the processing.
  1. Data erasure and storage period
    The personal data of the data subject will be erased or blocked as soon as the purpose of storage expires. Data may also be saved where this is prescribed by European or national legislation in the form of EU directives, laws or other provisions to which the responsible person is subject. Data may also be blocked or erased when a storage period prescribed by the aforementioned standards expires, unless further storage of the data is required for conclusion or fulfilment of a contract.
  1. Use of cookies and third-party resources

    a) Technically necessary cookies
    Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic sequence of characters that allows the browser to be uniquely identified when the website is accessed again.
    We use cookies in order to make our website more user friendly. Some elements of our website require the browser accessing it to be identifiable even once the page is left.
    The following data is saved and transmitted in the cookies:
    • Session ID
    • Language settings

    aa) Legal basis for data processing

    The legal basis for the processing of personal data using cookies is Art. 6 Para. 1 Point f GDPR.

    bb) Purpose of data processing
    The purpose of using technically necessary cookies is to make the use of websites easier for the users. Some of the functions of our website cannot be offered without the use of cookies. For this, the browser needs to be recognised even once the page is left.
    We need cookies for the following applications:
    • Applying language settings
    • Recognising users in the service portal
    The user data collected by technically necessary cookies is not used to create user profiles.
    Our legitimate interest in processing the personal data in accordance with Art. 6 Para. 1 Point f GDPR also lies in these purposes.

    cc) Period of storage, option of objection and deletion

    Cookies are stored on the user’s computer and transmitted from this computer to our page. Therefore, the user has full control over the use of cookies. The user can deactivate or limit the transmission of cookies by changing the settings in their internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. Where cookies are deactivated for our website, it may no longer be possible to use all the functions of the website in full.


b) Web analysis with Google Analytics
We use Google Analytics on our website to analyse the surfing behaviour of our users. The software places a cookie on the user’s computer (see above for more information on cookies). Where individual pages of our website are accessed, the following data is saved:

• Federal state from which the user accesses the page
• IP address (partially anonymised)
• Website accessed
• Website from which the user came to the website accessed (referrer)
• Sub-pages accessed from the website accessed
– Download clicks of information material
• Dwell time on the website
• Frequency with which website is accessed (if cookies allowed)

The data is passed on to Google Analytics.

Please note that the code “gat._anonymizeIp();” has been added to Google Analytics on this website in order to guarantee that IP addresses are collected in anonymised form (IP masking). The service is set up in such a way that the IP addresses are not saved in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). This makes it impossible for the shortened IP address to be traced to the computer accessing the site.

aa) Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 Para. 1 Point f GDPR.

bb) Purpose of data processing
Processing the users’ personal data allows us to analyse our users’ online behaviour. By analysing the data collected, we are able to compile information on the use of the individual components of our website. This helps us to constantly improve our website and its user friendliness. Our legitimate interest in processing the data in accordance with Art. 6 Para. 1 Point f GDPR also lies in these purposes. Anonymising the IP address sufficiently accommodates the users’ interest in the protection of personal data.

cc) Period of storage
The data is deleted as soon as it is no longer required for our recording purposes. In our case, this is after 26 months.

dd) Option of objection and deletion
Cookies are stored on the user’s computer and transmitted from this computer to our page. Therefore, the user has full control over the use of cookies. The user can deactivate or limit the transmission of cookies by changing the settings in their internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. Where cookies are deactivated for our website, it may no longer be possible to use all the functions of the website in full.
On our website, we offer our users the option to opt out of the analysis process. To do this, the user should use the relevant link. This places a further cookie on their system that signals to our system that it should not store the user’s data. If the user deletes the relevant cookie for their system in the meantime, they need to set the opt-out cookie again.
The user can also prevent the data generated by the cookie regarding their use of the website (including their IP address) from being sent to Google and prevent Google from processing this data by downloading and installing the browser plug-in available under the following link:http://tools.google.com/dlpage/gaoptout?hl=de.
The user can prevent this collection by Google Analytics by clicking the following link. This places an opt-out cookie that prevents the user’s data from being collected when they visit this website in future: Click here to opt out.
More detailed information on conditions of use and data protection is available at http://www.google.com/analytics/terms/de.html or https://www.google.de/policies/privacy/


c) Web analysis with Clickdimensions

aa) Recorded data
We record the following data when the form is downloaded:

• Name
• Email address
• Company
• Postcode

bb) Purpose of data processing
Data is recorded for lead generation and the initiation of business contacts.

cc) Period of storage
The data is saved either until active logout or until the purpose has been fulfilled, and is then permanently deleted.


d) Gravity Forms + DP plugin
In connection with Clickdimensions, we also use the form tool Gravity Forms incl. the additional data protection plugin, which allows further and more detailed data protection settings.

aa) Recorded data
We record the following data when the form is downloaded:

• IP address

bb) Purpose of data processing
Data is recorded for lead generation and the initiation of business contacts.

cc) Period of storage
The IP address is automatically deleted after 90 days.


e) Cookie settings
Cookie settings can be changed subsequently at any time.
Go to cookie settings.

  1. Contact form, email contact
    Our website includes a contact form that can be used to get in touch with us electronically. We use the Gravity Forms plugin for this, too. If a user uses this opportunity, the data entered in the input fields is transmitted to us and saved. This data comprises the following:
    • Name, form of address
    • Company
    • Professional contact details
    • Message content

    At the moment in which the message is sent, the following data is also saved:
    • User’s IP address
    • Date and time of registration

    During the sending process, the user is asked to give their consent to this data processing and referred to this Privacy Policy. Alternatively, users can contact us using the email address provided. In this case, the user’s personal data transmitted with the email is saved.
    No data is passed on to third parties in this context. The data is used exclusively in order to process the conversation.

    a) Legal basis for data processing
    Where the user has granted consent, the legal basis for processing is Art. 6 Para. 1 Point a GDPR.
    The legal basis for processing data transmitted in the process of sending an email is Art. 6 Para. 1 Point f GDPR.

    b) Purpose of data processing

    The processing of the personal data from the input fields serves solely for processing the contact request. Where we are contacted by email, this also forms the basis for the necessary legitimate interest in processing the data.
    The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

    c) Period of storage
    The data is erased as soon as it is no longer required in order to fulfil the purpose of its collection. For the personal data from the input fields of the contact form and the personal data sent via email, this is the case once the respective conversation with the user is completed. The conversation is completed when the circumstances indicate that the issue in question has been finally clarified.
    The personal data also collected during the sending process is erased after a period of seven days at the latest.

    d) Option of objection and deletion

    The user has the option to withdraw their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In this case, the conversation cannot be continued.
    The withdrawal of consent can be directed at the email address or postal address above. We will notify the user as soon as the data is erased.
    In this case, all personal data that was saved in this contact request will be erased.

  1. Application form
    Our website offers the option of applying for jobs online. On the Careers page, we set out the information required for an application process at Ceyoniq Technology. Applicants will be asked for specific personal data (name, address, email address) and to attach their cover letter, CV and other application documents. This data is not anonymised and is available to our Application Management team and the HR department.
    At the moment in which the message is sent, the following data is also saved:
    • User’s IP address
    • Date and time of registration

    We explicitly ask that applicants refrain from transmitting sensitive personal data under Art. 9 Para. 1 GDPR.

    a) Legal basis for data processing
    The processing of applicant data is necessary in order to conduct the application process. The legal basis for data processing in the application process and as part of the personnel files is:
    • § 26 Para 1 Clause 1 BDSG and Art. 6 Para. 1 Sub-para. 1 Item b GDPR
    • Art. 6 Para 1 Sub-para. 1 Item a GDPR where the user has granted consent, such as by sending information not necessary for the application process or by marking relevant checkboxes.

    The legal basis for data processing following rejection is:
    • Art. 6 Para 1 Sub-para. 1 Item f GDPR. The legitimate interest in the processing based on Art. 6 Para. 1 Sub-para. 1 Item f GDPR is defence against legal claims.

    The legal basis for retention for budgetary and tax law reasons is:
    • Art. 6 Para 1 Sub-para. 1 Point c GDPR.

    b) Purpose of data processing

    The data entered here is processed and used exclusively for the purpose of applicant selection and, where they have provided consent, to prepare an individualised ambience for the interview.

    c) Period of storage
    We store personal data for as long as this is necessary in order to make a decision on the application. Personal data and application documents are erased no later than six months following the end of the application process (e.g. following notification of the rejection decision), unless a longer retention period is legally required or permissible. In addition, we only store personal data where this is required by law or in the specific case in order to assert, exercise or defend against legal claims for the duration of a legal dispute.

  1. Event registration
    Our website offers the option of registering for both in-person and online events held by Ceyoniq Technology GmbH. If a user uses this opportunity, the data entered in the input fields is transmitted to us and saved. This data comprises the following:
    • User’s IP address
    • Date and time of registration
    • Name
    • Professional contact details
    • Company

    At the moment in which the message is sent, the following data is also saved:
    • Date and time of registration

    During the sending process, the user is asked to give their consent to this data processing and referred to this Privacy Policy. The user still has the option of granting consent to a further contact request in order to send product information or invitations to events.

    Where the user takes part in a Ceyoniq Technology GmbH event, the following data is passed on to other subsidiaries in the Kyocera Group:
    • Name
    • Company
    • Participation in event

    This serves internal administrative purposes.

    a) Legal basis for data processing
    Where the user has granted consent, the legal basis for processing is Art. 6 Para. 1 Point a GDPR. The legal basis for passing on data within the Group is Art. 6 Para. 1 Point f GDPR.

    b) Purpose of data processing

    The processing of the personal data from the input fields serves our purposes for organising and conducting the relevant event. Where the user has continued to give permission, this information also allows us to contact them for promotional purposes regarding future events or our products.
    The other personal data processed during the sending process serves to prevent misuse of the registration form and to ensure the security of our IT systems.

    c) Period of storage
    The data is erased as soon as it is no longer required in order to fulfil the purpose of its collection. For the personal data from the input fields in the registration form, this is xx months/years after execution of the event.
    The personal data also collected during the sending process is erased after a period of seven days at the latest.
    Data that we process in order to contact the user for promotional purposes based on consent is erased as soon as the user withdraws consent.

    d) Option of objection and deletion
    The user has the option to withdraw their consent to the processing of personal data at any time. Where consent to processing for the purpose of executing the event is withdrawn before the date of the respective event, however, participation in the event will not be possible. Regardless of this, consent to contact for promotional purposes can be withdrawn at any time.
    The withdrawal of consent can be directed at the email address or postal address above. We will notify the user as soon as the data is erased.
    In this case, all personal data that was saved in this contact request will be erased.

  1. Download of information material
    Our website offers the option of downloading information material on our products and services. If a user uses this opportunity, the data entered in the input fields is transmitted to us and saved.
    This data comprises the following:
    • Name
    • Email address
    • Company
    • Postcode

    At the moment in which the message is sent, the following data is also saved:
    • Date and time of registration
    • Documents downloaded

    By sending data, the user grants consent to the processing of the data and will be referred to this Privacy Policy. The user still has the option of granting consent to a further contact request in order to send further product information.
    In order for us to record this personal data, forwarding to the server of Copernica BV takes place. This forwarding is technically necessary.

    a) Legal basis for data processing
    Where the user has granted consent, the legal basis for processing is Art. 6 Para. 1 Point a GDPR.
    The legal basis for forwarding data is Art. 6 Para. 1 Point f GDPR.

    b) Purpose of data processing
    The processing of the personal data from the input fields serves our purposes for sending the respective information. Where the user has continued to give permission, this information also allows us to contact them for promotional purposes regarding our products.
    The other personal data processed during the sending process serves to prevent misuse of the form and to ensure the security of our IT systems.

    c) Period of storage
    The data is erased as soon as it is no longer required in order to fulfil the purpose of its collection. The personal data also collected during the sending process is erased after a period of seven days at the latest.
    Data that we process in order to contact the user for promotional purposes based on consent is erased as soon as the user withdraws consent.

    d) Option of objection and deletion
    The user has the option to withdraw their consent to the processing of personal data at any time. The withdrawal of consent can be directed at the email address or postal address above. We will notify the user as soon as the data is erased.
    In this case, all personal data that was saved in relation to the download will be erased.
  1. LinkedIn lead generation

    If the user downloads files such as information material, flyers or white papers from Ceyoniq via the platform LinkedIn, data will be transferred to our CRM system once the user has confirmed with a click in our contact form and the double opt-in process via email.
    Type of data:
    • Date and time
    • Name
    • Professional contact details
    • Company

    a) Legal basis for data processing
    Where the user has granted consent, the legal basis for processing is Art. 6 Para. 1 Point a GDPR.

    b) Purpose of data collection
    Data storage serves the purpose of lead generation and initial business contact.

    c) Period of storage
    A subsequent email will request completion of the double opt-in process. If this is not confirmed, the data will be automatically erased after one week. Otherwise, it will be erased following termination of the potential business relationship, taking statutory retention periods into account.

    d) Option of objection and deletion
    The user has the option to withdraw their consent to the processing of personal data at any time. Where consent to processing for the purpose of executing the event is withdrawn before the date of the respective event, however, participation in the event will not be possible. Regardless of this, consent to contact for promotional purposes can be withdrawn at any time.
    The withdrawal of consent can be directed at the email address or postal address above. We will notify the user as soon as the data is erased.
    In this case, all personal data that was saved in this contact request will be erased.

  1. Data protection information for interested parties (access via QR code or link)
    If we collect data as part of a meeting with interested parties, we provide a QR code or link on this page. By doing so, we want to inform interested parties about the processing of their data.
    Both we and any carefully selected and supervised service providers (printshops, lettershops etc.) we commission process the data that we receive as part of acquiring new business partners or initiating contractual relationships. This primarily relates to business contact details, as well as other information exchanged in this context. In particular, the following:
    • Name, form of address
    • Company
    • Professional contact details
    • Interests/enquiries

    a) Legal basis for data processing
    The legal basis for data processing is Art. 6 Para. 1 Point f GDPR or Art. 6 Para. 1 Point 1 Point f GDPR or Art. 6 Para. 1 Point b GDPR, where pre-contractual measures are already being conducted. In the case of processing on the basis of Art. 6 Para. 1 Point f GDPR, the legitimate interest lies in acquiring and initiating new business contacts, gaining consent to contact for promotional purposes, and direct advertising itself.
    Where the user has granted consent, the legal basis for processing is Art. 6 Para. 1 Point a GDPR.

    b) Purpose of data processing
    The purposes of data processing are as follows:
    • To gain consent for contact for promotional reasons as per § 7 UWG, unless this has already occurred
    • For addition to a directory of customers and interested parties in our Marketing and Sales department
    • Subject to consent as per § 7 UWG, to send product information and promotional contact (direct advertising) regarding our products
    • Where consent has been granted or the conditions for assumed consent are met, telephone contact for promotional purposes
    • Analyses for promotional and marketing purposes

    c) Period of storage
    The data is erased as soon as it is no longer required in order to fulfil the purpose of its collection. The data is erased as soon as it is no longer required in order to fulfil the purpose of its collection.

    d) Option of objection and deletion
    Interested parties have the option of withdrawing their consent to the processing of the personal data at any time. The withdrawal of consent can be directed at the email address or postal address above. We will inform interested parties as soon as the data is erased. The rights to object to processing based on Art. 6 Para. 1 Point f GDPR or for the purposes of direct advertising are referred to separately below.
  1. Rights of data subject
    Where personal data on the user is processed, the user is the data subject under GDPR and has the following rights against the controller:

    a) Right of access
    The user has the right to obtain from the controller confirmation as to whether personal data is processed by us and,
    where that is the case, access to the following information:
    (1) The purposes of the processing
    (2) The categories of personal data concerned
    (3) The recipients or categories of recipient to whom the personal data has been or will be disclosed
    (4) Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
    (5) The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
    (6) The existence of the right to lodge a complaint with a supervisory authority
    (7) Where the personal data is not collected from the data subject, any available information as to its source
    (8) The existence of automated decision-making, including profiling, referred to in Article 22 Paras. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
    The user has the right to obtain information on whether the personal data is transmitted to a third country or to an international organisation. In this context, the user can obtain notification of the appropriate guarantees as per Art. 46 GDPR in connection with the transmission.


b) Right to rectification
The user has a right to rectification and/or completion against the controller where their personal data processed is incorrect or incomplete. The controller shall conduct the rectification immediately.


c) Right to restriction of processing
The user has the right to obtain from the controller restriction of processing where one of the following applies:
(1) The user contests the accuracy of their personal data for a period that enables the controller to verify the accuracy of the personal data.
(2) The processing is unlawful and the user opposes the erasure of the personal data and requests the restriction of its use instead.
(3) The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
(4) The user has objected to processing as per Art. 21 Para. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If the processing of personal data has been restricted, such data may only be processed – with the exception of storage – with the user’s consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.
If the restriction of processing has been restricted under the conditions listed above, the user will be notified by the controller before the restriction is lifted.


d) Right to erasure
The user has the right to obtain from the controller the erasure of their personal data without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) The user’s personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) The user withdraws the consent on which the processing is based as per Art. 6 Para. 1 Point a or Art. 9 Para. 2 Point a GDPR and where there is no other legal basis for the processing
(3) The user objects to the processing as per Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the user objects to the processing as per Art. 21 Para. 2 GDPR.
(4) The user’s personal data has been unlawfully processed.
(5) The erasure of the user’s personal data is required in order to comply with a legal obligation under the law of the European Union or a member state to which the controller is subject.
(6) The user’s personal data was collected in relation to the offer of information society services as per Art. 8 Para. 1 GDPR.


e) Information to third parties
Where the controller has made the user’s personal data public and is obliged pursuant to Art. 17 Para. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the user, as the data subject, has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.


f) Exceptions
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 Para. 2 Point h and i as well as Art. 9 Para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 Para. 1 GDPR insofar as the right referred to in Paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.


g) Right of notification
Where the user has established the right to rectification, erasure or restriction of processing against the controller, the controller is obligated to notify all recipients to whom the personal data has been disclosed of this rectification, erasure or restriction of processing, except where this proves impossible or involves disproportionate effort.
The user has the right to be informed about these recipients by the controller.


h) Right to data portability
The user has the right to receive their personal data, which they have provided to the controller, in a structured, commonly used and machine-readable format and the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:
(1) the processing is based on consent as per Art. 6 Para. 1 Point a GDPR or Art. 9 Para. 2 Point a GDPR or on a contract as per Art. 6 Para. 1 Point b GDPR; and
(2) the processing is carried out by automated means.

In exercising this right, the user also has the right to have their personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.


i) Right to object
The user has the right to object, on grounds relating to their particular situation, at any time to processing of their personal data which is based on Art. 6 Para. 1 Point e or f, including profiling based on those provisions.
The controller shall no longer process the user’s personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the user’s interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, the user has the right to object at any time to the processing of their personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the user objects to processing for direct marketing purposes, the user’s personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the user has the option of exercising their right to object by automated means using technical specifications.


j) Right to withdraw the declaration of consent under data protection law
The user has the right to withdraw the declaration of consent under data protection law at any time. The withdrawal of consent does not affect the legality of the processing conducted based on consent before its withdrawal.


k) Automated individual decision-making, including profiling
The user has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the user or similarly significantly affects the user. This does not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between the user and the controller;
(2) is authorised by Union or Member State law to which the controller is subject, is permissible, and lays down suitable measures to safeguard the user’s rights and freedoms and legitimate interests; or
(3) is based on the user’s explicit consent.

However, these decisions must not be based on special categories of personal data: in accordance with Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 Point a or g GDPR applies and suitable measures to safeguard the user’s rights and freedoms and legitimate interests are in place.
In the cases referred to in Sections (1) and (3), the controller shall implement suitable measures to safeguard the user’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

  1. Right to lodge a complaint with a supervisory authority
    Without prejudice to any other administrative or judicial remedy, the user has the right to lodge a complaint with a supervisory authority, in particular in the Member State of the user’s habitual residence, place of work or place of the alleged infringement, if they consider that the processing of their personal data infringes the GDPR.

    The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy in accordance with Art. 78 GDPR.