Von Roll® - Privacy notice

Aim of privacy notice

Von Roll appreciates that the protection of your privacy is a very important concern for you when visiting our website.

Protecting your personal data is something we take seriously. We would therefore like to use this privacy notice to inform you of when we store your data and how we use it. This privacy notice is applicable to Von Roll Holding AG and all its subsidiaries across the globe.

Respect for data protection provides a foundation for commercial relationships based on trust and allows the Von Roll Group to maintain its reputation. This privacy notice creates part of a framework required for data transfers to be made all over the world, between the companies and their stakeholders, including commercial partners, applicants, investors, the media and other target groups. It ensures that there is an adequate level of data protection, in accordance with the European Data Protection Regulation (GDPR) and national laws, in relation to cross-border data transfers, even in countries that do not ensure an adequate level of data protection.

I. Name and address of the company controlling the data

The data controller, as defined in the General Data Protection Regulation, other national data protection laws of the Member States, as well as statutory data protection provisions is:

Von Roll Holding AG
Passwangstrasse 20
4226 Breitenbach
Switzerland
Tel.: 0041 (0)61 785 51 11
Email: dataprotection@vonroll.com
Websites: www.vonroll.com, www.vonrollgroup.com and www.vonroll.institute

II. Name and address of the data protection officer

The data protection officer of the data controller is:

Von Roll Holding AG
Passwangstrasse 20
4226 Breitenbach
Switzerland
Tel.: 0041 (0)61 785 51 11
Email: dataprotection@vonroll.com
Websites: www.vonroll.com, www.vonrollgroup.com and www.vonroll.institute

III. General information on data protection


1. Scope of processing of personal data

As a general principle, we only process personal data if this is necessary to allow us to provide a functioning website, as well as our content and services. We usually only process the personal data of our users after the user has given their consent. There is an exception in cases where practical reasons mean that it is not possible to gain prior consent and the processing of the data is permitted by law.

2. Legal basis for processing personal data

Whenever we request the consent of the data subject for activities involving the processing of personal data, point a of Art. 6(1) of the EU General Data Protection Regulation (GDPR) shall provide the legal basis.

Whenever processing personal data is necessary in order to comply with a contract to which the data subject is party, point b of Art. 6(1) of the GDPR shall provide the legal basis. This also applies to processing activities which are required for the implementation of pre-contractual measures.

If processing personal data is necessary for compliance with a legal obligation which our company is subject to, point c of Art. 6(1) of the GDPR shall provide the legal basis.

In cases where it is necessary to process personal data in order to protect an interest which is essential for the life of the data subject or of another natural person, point d of Art. 6(1) of the GDPR shall provide the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party, and the latter interest is not overridden by the interests or fundamental rights and freedoms of the data subject, point f of Art. 6(1) of the GDPR shall provide the legal basis.

3. Erasure of data and storage period

The personal data of the data subject shall be erased or blocked as soon as the purpose behind the storage no longer applies. Data may also be retained if this is provided for by the European or national legislature as part of Union regulations, laws or other provisions that are applicable to the data controller. In such situations, data shall also be blocked or erased if the storage period stipulated by the relevant provisions comes to an end, unless it is necessary to store the data for longer in order to conclude or perform a contract.

IV. Providing the website and creating log files


1. Description and scope of data processing

Every time someone accesses our website, our system automatically collects data and information from the computer system of the computer that has accessed it.

The following data shall be collected in this way:

  1. Information on the type of browser and the version being used
  2. The user’s operating system
  3. The user’s internet service provider
  4. The user’s IP address
  5. The date and time of access
  6. Websites that have directed the user’s system to our website
  7. Websites that were accessed by the user via our website

The log files contain IP addresses or other data that can be attributed to a user. This may be the case, for instance, if personal data is contained in the link to a website through which the user accesses the website, or a link to the website that the user is switching to.

The data shall also be stored in the log files of our system. This data shall not be stored along with other personal data of the user.

2. Legal basis for data processing

Point f of Art. 6(1) of the GDPR shall provide the legal basis for the temporary storage of data and log files.

3. Purpose of data processing

The system must temporarily store the user’s IP address to transmit the website to the user’s computer. The user’s IP address must therefore be retained for the duration of the session.

Data is stored in log files to ensure the website functions properly. In addition, the data allow us to optimise the website and ensure our IT systems are kept secure. In such situations, the data is not analysed for marketing purposes.

When it comes to these aims, our legitimate interest in data processing also stems from point f of Art. 6(1) of the GDPR.

4. Storage period

The data shall be erased once it is no longer necessary for the purpose for which it was collected. When data is collected to allow us to provide our website, this occurs when the relevant session ends.

Data stored in log files is erased after seven days at the latest. Data may be stored for longer periods. If this occurs, the IP addresses of users shall be erased or masked, so it is no longer possible to attribute them to the client accessing the site.

5. Option to object and have data deleted

The collection of data to make the website available and the storage of data in log files is absolutely essential for the operation of the site. Because of this, the user is not entitled to raise an objection in this context.

V. Use of cookies


a) Description and scope of data processing

Our website makes use of cookies. Cookies are text files that are sent by a website to your computer, tablet, or mobile browser (which shall all hereinafter be referred to as a “device”) and stored on the terminal. Each cookie contains a distinct string of characters that makes the browser clearly identifiable when the website is accessed again. Cookie files are stored on your browser and allow the service or a third party to recognise you and make your next visit easier, as well as making the service more useful to you.

Cookies include “permanent cookies” and “session cookies”. Below is an overview of the different types of cookies used on our website:

Cookies that are technically necessary

We use cookies to make our website more user-friendly. Some aspects of our website need to be able to recognise the web browser that is being used to access the site, even if the user moves on to a different page.

In these circumstances, the following data is transferred to the cookies and stored there:

  1. Activation of the responsive design: where the web design adapts to the screen of the person using the website
  2. Font and font settings
  3. Language settings
  4. Log-in data
  5. Open tabs within the content

Functional cookies

We also use cookies on our website that allow the browsing patterns of the user to be analysed.

In this way, the following data can be transferred:

  1. Search terms entered
  2. Number of page views
  3. Time spent on the website
  4. Features of the website used

The user data collected in this way shall be pseudonymised using technical measures. As a result, the data shall not be attributable to the user who has accessed the site. The data shall not be stored along with other forms of personal user data.

Whenever a user accesses our website, a banner shall inform them about the use of cookies for analytical purposes and refer them to this privacy notice. Chapter V section b of this privacy notice, below, explains how you can prevent cookies from being stored.

b) Note on how to prevent cookies from being stored 

Any website can send its own cookie to your browser if this is permitted by your browser settings. The main purpose of this is to be able to recognise the user while they are visiting the site. Similar technology is used in emails to determine whether or not they have been read, as well as whether links have been clicked on, and if so, which. You can use your device to change your browser settings, as well as checking and changing the specific cookies that it accepts. You can also delete any existing cookies.

If you continue without changing your settings, we shall assume that you are happy to receive cookies while on our website. However, you can change your cookie settings at any time by changing your browser settings.

To do this, please select the link to your browser’s cookie settings:

Safari browser: https://support.apple.com/kb/PH21411?locale=de_CH&viewlocale=en_US 
Internet Explorer browser: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Chrome browser: https://support.google.com/accounts/answer/61416?hl=en
Firefox browser: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Changing your settings or blocking cookies means you will not be able to take full advantage of some important features of our website.

c) Legal basis for data processing

Point f of Art. 6(1) of the GDPR shall provide the legal basis for processing personal data when using technically necessary cookies.

In accordance with point a of Art. 6(1) of the GDPR, when data is being processed for analytical purposes, using cookies, the consent of the user shall provide the necessary legal basis.

d) Purpose of data processing

The purpose of technically necessary cookies is to make it easier for users to use websites. Some of the features of our website cannot be provided without using cookies. These features need to be able to recognise the browser even if the user moves on to a different page.

We require cookies in order to perform the following tasks:

  1. To see which tabs have been viewed, so that they remain open on subsequent visits to the site
  2. To carry the language settings over
  3. To carry the country settings over

The user data collected from technically necessary cookies shall not be used to create user profiles.

Analysis cookies are used to improve the quality of our website and its content. Analysis cookies allow us to find out how our website is being used, so that we can continuously improve our services.

Our legitimate interest in processing personal data for these purposes also stems from point f of Art. 6(1) of the GDPR.

e) Storage period, option to object and have data deleted

Cookies are stored on the user’s computer, which then transmits them to our site. This means that you, as the user, have full control over how cookies are used. By changing the settings of your web browser, you can disable or limit the transmission of cookies. Cookies that have already been stored can be erased at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to take full advantage of all its features.

VI. Newsletter


1. Description and scope of data processing

The newsletter is sent to the user if they sign up using the newsletter sign-up form on the website:

On our website, users are offered the chance to subscribe to a free newsletter. Signing up for the newsletter involves data being transferred from the input screen to us, including the following information:

  • Title
  • Surname*
  • Forename(s)*
  • Email address*
  • Company
  • Town/city
  • Country
  • Areas of interest (including products, events, investors, press, other)
  • *Mandatory field, as the newsletter cannot be sent without this information.

The following data is also collected when someone signs up:

  1. Date and time of registration
  2. Confirmation of the double opt-in sign-up
  3. Chosen language

During the sign-up process, you will be asked to consent to the processing of this data, and you will also be referred to this privacy notice.

We also send you the newsletter when inviting you to events:

If you have been in touch with at least one Von Roll employee directly, we may invite you to select customer events. We also use the newsletter for this purpose. In such cases, only a select few people will be specifically contacted via the newsletter.

None of the data processed for the purpose of sending newsletters shall be passed on to third parties. This data shall be used for the sole purpose of sending the newsletter.

You can unsubscribe at any time by clicking the link at the bottom of the newsletter.

2. Legal basis for data processing

The newsletter is sent as a result of the user signing up using the newsletter sign-up form on our website:

Point a of Art. 6(1) of the GDPR shall provide the legal basis for the processing of data after the user has signed up for the newsletter in situations where they have given consent.

The newsletter is sent due to an existing customer relationship, established through selling goods or services:

Section 7(3) of the German Law Against Unfair Competition (UWG) shall provide the legal basis for sending the newsletter subsequent to selling goods or services.

3. Purpose of data processing

We take the user’s email address so that we can send the newsletter.

Other data collected during the sign-up process allows us to prevent misuse of these services or the email address provided.

4. Storage period

The data shall be erased once it is no longer necessary for the purpose for which it was collected. As a result, the user’s email address shall be retained while the subscription to the newsletter is active.

As a general rule, other personal data collected during the sign-up process shall be erased after a period of seven days.

5. Option to object and have data deleted

The data subject can cancel their subscription to the newsletter at any time. This can be done via a corresponding link contained in every newsletter, which can also be used to withdraw consent to the retention of personal data collected during the sign-up process.

VII. Contact and order form, email contact details


1. Description and scope of data processing

A contact form is available on our website, as well as options for ordering publications (brochures, product data sheets, annual reports), which can be used to contact us electronically. If a user chooses to avail of this option, the data they have entered into the input screen shall be transferred to us and stored. The following data is collected via the contact form:

  • Title
  • Forename
  • Surname
  • Email*
  • Subject*
  • Phone
  • Query*
  • *Only the email address, subject and query are mandatory fields

The following data is also stored when the form is submitted:

  1. Date and time of submission

The following additional data is also collected through order forms for printed materials:

  • Title
  • Forename(s)*
  • Surname*
  • Company*
  • Street*
  • Postcode*
  • Town/city*
  • Country*
  • Phone*
  • Email*
  • Subject* (desired publication)
  • The subject and delivery address are mandatory fields

The following data is also stored when the form is submitted:

  1. Date and time of submission

During the submission process, you will be asked to consent to the processing of the data. You will also be referred to this privacy notice.

Users can also get in touch using the email address provided. If users choose to do this, their personal details that are sent via the email shall be retained.

In such situations, no data shall be passed on to third parties. This data shall be used for the sole purpose of processing the conversation.

2. Legal basis for data processing

Point a of Art. 6(1) of the GDPR shall provide the legal basis for processing data in situations where the user has given consent.

Point f of Art. 6(1) of the GDPR shall provide the legal basis for processing the data that is transmitted when sending an email. If the email is sent for the purpose of concluding a contract, point b of Art. 6(1) of the GDPR shall provide an additional legal basis for processing the data.

3. Purpose of data processing

We only process personal data from the input screen to allow us to deal with the information people send us. If we are contacted via email, we necessarily also have a legitimate interest in processing the data.

Any other personal data processed during the submission process allows us to prevent misuse of the contact form and ensure that our IT systems are secure.

4. Storage period

The data shall be erased once it is no longer necessary for the purpose for which it was collected. The personal data from the input screen of the contact form and data which is sent via email are deleted once the conversation with the user has been closed. The conversation is closed when circumstances indicate that the relevant issue has been resolved conclusively.

Additional personal data collected during the submission process shall be erased after seven days at the latest.

5. Option to object and have data deleted

The user is entitled to withdraw their consent to processing of the personal data at any time. If the user contacts us via email, they may withdraw their consent for us to store their personal data at any time. In such situations, it will not be possible to continue with the conversation.

If the user chooses to do this, all the personal data that was stored when they contacted us shall be erased.

VIII. Entering a job application on our site


1. Description and scope of data processing

Our website has a form for applications, which can be used both for spontaneous applications and to apply for listed positions. If a user chooses to avail of this option, the data they have entered into the input screen shall be transferred to us and stored. The following data is collected via the application form:

  • Title*
  • Forename(s)*
  • Surname*
  • Email*
  • Street*
  • Postcode*
  • Town/city*
  • Country*
  • Nationality*
  • Phone*
  • Date of birth
  • Cover letter*
  • CV*
  • References
  • Photo
  • Other information (comment box)
  • *Your title, forename, surname, address, nationality, cover letter and CV are mandatory fields

The following data is also stored when the form is submitted:

  1. Date and time of submission

During the submission process, you will be asked to consent to the processing of the data. You will also be referred to this privacy notice.

Users can also get in touch using the email address provided. If users choose to do this, their personal details that are sent via the email shall be retained.

In such situations, no data shall be passed on to third parties. The data shall be used for the sole purpose of processing the application.

2. Legal basis for data processing

Point a of Art. 6(1) of the GDPR shall provide the legal basis for processing data in situations where the user has given consent.

Point f of Art. 6(1) of the GDPR shall provide the legal basis for processing the data that is transmitted when sending an email. If the email is sent for the purpose of concluding a contract or to implement pre-contractual measures, point b of Art. 6(1) of the GDPR shall provide an additional legal basis for processing the data.

3. Purpose of data processing

We only process data from the input screen to allow us to deal with your application and contact you in relation to it. If we are contacted via email, we necessarily also have a legitimate interest in processing the data.

Any other personal data processed during the submission process allows us to prevent misuse of the application form and ensure that our IT systems are secure.

4. Storage period

The data shall be erased once it is no longer necessary for the purpose for which it was collected. The personal data from the input screen of the application form and data which is sent via email are deleted once the conversation with the user has been closed. The conversation is closed when circumstances indicate that the relevant issue has been resolved conclusively.

Additional personal data collected during the submission process shall be erased after the application process has ended, after six months at the latest.

5. Option to object and have data deleted

The user is entitled to withdraw their consent to processing of the personal data at any time. If the user contacts us via email, they may withdraw their consent for us to store their personal data at any time. In such situations, it will not be possible to continue with the conversation.

If the user chooses to do this, any personal data that was stored when they contacted us shall be erased immediately.

IX. Web analysis by Google


1. Scope of processing of personal data

Our website uses Google Analytics to analyse the browsing patterns of our users. The software places a cookie on the user’s computer (for more information about cookies, see the relevant section above). We use the Google Analytics web analysis service so we can design the websites based on needs and continue to improve them.

This involves generating anonymous user profiles and using cookies, which allows information about your use of the website to be gathered, such as:

  1. The browser type and version;
  2. the website accessed;
  3. the operating system used;
  4. the referrer URL (the last site visited);
  5. the time of the server request;
  6. the GeoSegmentation;
  7. the subpages that were accessed from the website visited;
  8. the length of time spent on the website;
  9. the number of times the website was accessed;
  10. the time zone;
  11. the type of connection (whether it is via a mobile network or the internet);

This information is used to conduct statistical analysis. Under no circumstances will the user’s IP addresses be combined with other user-related data. IP addresses will be anonymised so they cannot be attributed to anyone (IP masking).

2. Legal basis for processing personal data

Point f of Art. 6(1) of the GDPR shall provide the legal basis for the processing of the user’s personal data.

3. Purpose of data processing

Processing the personal data of our users allows us to analyse their browsing patterns. Evaluating the data collected allows us to gather information about how the individual components of our website are used, helping us to continuously improve our website and its user friendliness. Our legitimate interest in processing data for these purposes also stems from point f of Art. 6(1) of the GDPR. Anonymising the user’s IP address ensures their interest in having their personal data protected is sufficiently taken into account.

4. Storage period

The data shall be erased once it is no longer necessary for our record-keeping purposes.

5. Option to object and have data deleted

Cookies are stored on the user’s computer, which then transmits them to our site. This means that you, as the user, have full control over how cookies are used. By changing the settings of your web browser, you can disable or limit the transmission of cookies. Cookies that have already been stored can be erased at any time. This can also be done automatically. If cookies are disabled for our website it may not be possible to take full advantage of all its features.

You can find more detailed information on Google software under the following link: https://policies.google.com/technologies/partner-sites.

X. Rights of the data subject


If your personal data is processed, you are the data subject within the meaning of the GDPR, and are entitled to exercise the following rights with respect to the data controller:

1. Right of access

You can obtain confirmation from the controller as to whether or not we are processing personal data concerning you.

If such data is being processed, you can request access to the following information:

  1. the purposes of processing the personal data;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed;
  4. the envisaged period for storing the personal data concerning you, or, if this is not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. any available information as to the source of data, if the personal data have not been collected from the data subject;
  8. the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to be informed whether the personal data concerning you have been transferred to a third country or an international organisation. In such situations, you have the right to be informed of the appropriate safeguards pursuant to Art. 46 of the GDPR relating to the transfer.

2. Right to rectification

If the personal data concerning you that is being processed is inaccurate or incomplete, you have the right to have the data controller rectify or complete it. The data controller must carry out the rectification without undue delay.

3. Right to restriction of processing

You may request for the processing of personal data concerning you to be restricted under the following conditions:

  1. when you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims, or
  4. when you have objected to processing pursuant to Art. 21(1) of the GDPR and it has not yet been verified whether the legitimate grounds of the controller override yours.

Where processing of the personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing pursuant to the above provisions, you shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Duty to erase

You can request from the controller the erasure of personal data concerning you without undue delay and the controller shall be obliged to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  2. you withdraw the consent on which the processing is based according to point (a) of Art. 6(1), or point (a) of Art. 9(2) of the GDPR, and where there is no other legal basis for the processing;
  3. you object to the processing pursuant to Art. 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2);
  4. the personal data concerning you have been unlawfully processed;
  5. the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. the personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.

b) Passing information on to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) of the GDPR to erase this personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

c) Exceptions

The right to erasure shall not apply to the extent that processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9(2) as well as Art. 9(3) of the GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with point f of Art. 89(1) of the GDPR in so far as the right referred to in point a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

5. Right to be informed

If you have exercised your right to rectification, erasure or restriction against the data controller, they are obliged to communicate any rectification or erasure of the personal data concerning you or restriction of processing to each recipient to whom such data have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to demand that the data controller inform you about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, where:

  1. the processing is based on consent pursuant to point (a) of Art. 6(1) or point (a) of Art. 9(2) of the GDPR or on a contract pursuant to point (b) of Art. 6(1) of the GDPR; and
  2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1) of the GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) of the GDPR, you, on grounds relating to your particular situation, also have the right to object to processing of personal data concerning you.

Your right to object can be restricted if it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

8. Right to withdraw a declaration of consent made under data protection law

You have the right to withdraw your declaration of consent made under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:

  1. is necessary for entering into, or performance of, a contract between you and a data controller;
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Art. 9(1) of the GDPR, unless point (a) or (g) of Art. 9(2) of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.