I. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations, is:
Grollmus GmbH
Geisenheimerstr. 2
65239 Hochheim am Main
Germany
Phone: +49 6146 82828-0
Email: kontakt@grollmus.de
Website: www.grollmus.de
II. Name and Address of the Data Protection Officer
The Data Protection Officer of the controller is:
Marcel Stein
Geisenheimerstr. 2
65239 Hochheim am Main
Phone: +49 6146 82828-0
Email: kontakt(at)grollmus.de
III. General Information on Data Processing
1. Scope of Processing of Personal Data
We generally process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users regularly takes place only with the consent of the user. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by legal regulations.
2. Legal Basis for the Processing of Personal Data
If we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.
If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
In cases where processing is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.
If the processing is necessary to safeguard the legitimate interests of our company or a third party, and these interests are not overridden by the interests, fundamental rights, or freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis for processing.
(1) Security Measures
In accordance with legal requirements, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. This takes into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.
These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transfer, availability assurance, and separation of the data. Additionally, we consider the protection of personal data in the development or selection of hardware, software, and procedures based on the principles of data protection by design and privacy-friendly default settings.
a) IP Address Anonymization: Where possible, or if the storage of IP addresses is not necessary, we shorten or anonymize your IP address. In the case of IP address anonymization, also referred to as “IP masking,” the last octet, i.e., the last two numbers of an IP address, is deleted (the IP address in this context is a unique identifier assigned to an internet connection by the online access provider). The purpose of shortening the IP address is to prevent or significantly impede the identification of a person based on their IP address.
b) SSL Encryption (https): To protect the data transmitted via our online offering, we use SSL encryption. You can recognize encrypted connections by the prefix “https://” in your browser's address bar.
(2) Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage ceases to exist. Storage may also occur if this is provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the mentioned regulations expires, unless further storage of the data is necessary for concluding or fulfilling a contract.
IV. Provision of the Website and Creation of Log Files
1. Provision of the Website and Creation of Log Files
Each time our website is accessed, our system automatically collects data and information from the accessing computer system.
The following data is collected:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system reaches our website
(7) Websites accessed by the user’s system via our website
The log files contain IP addresses or other data that could allow attribution to a user. This might occur, for example, if the link to the website from which the user accesses our website or the link to the website the user navigates to contains personal data.
The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not occur.
2. Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.
3. Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Storage in log files is done to ensure the functionality of the website. The data also helps us optimize the website and ensure the security of our IT systems. In this context, no evaluation of the data for marketing purposes takes place.
These purposes constitute our legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.
4. Duration of Storage
The data is deleted as soon as it is no longer required for the purpose of its collection. In the case of data collection for the provision of the website, this occurs when the session ends.
In the case of data storage in log files, this occurs after a maximum of seven days. Extended storage is possible. In this case, the IP addresses of the users are deleted or anonymized so that attribution to the accessing client is no longer possible.
5. Objection and Removal Options
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, the user has no possibility to object.
V. Use of Cookies
1. General Cookies
(1) Description and Scope of Data Processing
Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again.
Additionally, we use cookies on our website that enable an analysis of the user’s surfing behavior.
The following data may be transmitted in this way:
(1) Entered search terms
(2) Frequency of page visits
(3) Use of website functions
The data collected in this way is pseudonymized through technical measures. Therefore, it is no longer possible to attribute the data to the accessing user. The data is not stored together with other personal data of the user.
When accessing our website, the user is informed about the use of cookies for analysis purposes, and their consent to the processing of personal data in this context is obtained. A reference to this privacy policy is also made in this process.
(2) Legal Basis for Data Processing
The legal basis for processing personal data using technically necessary cookies is Article 6(1)(f) GDPR.
The legal basis for processing personal data using cookies for analysis purposes, given the user’s consent, is Article 6(1)(a) GDPR.
(3) Purpose of Data Processing
The use of analysis cookies is aimed at improving the quality of our website and its contents. Through analysis cookies, we learn how the website is used and can thus continuously optimize our offerings.
These purposes also constitute our legitimate interest in processing personal data under Article 6(1)(f) GDPR.
(4) Duration of Storage, Objection, and Removal Options
Cookies are stored on the user’s computer and transmitted to our site. As a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all functions of the website fully.
2. Facebook-Pixel
(1) Description and Scope of Data Processing
We use the “Facebook Pixel” from the social network Facebook on our website. This is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are an EU resident, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When you visit a page on our website containing the Facebook Pixel, a direct connection is established to Facebook servers. The content of the pixel is transmitted by Facebook directly to your browser and integrated into the corresponding page. Even if you do not have a profile or are not logged in, Facebook receives information that you have visited the corresponding page of our website. This information is transmitted directly from your browser to a Facebook server and stored there. If you are logged into Facebook, the provider can directly associate your visit to our website with your Facebook profile.
Through the Facebook Pixel, Facebook can identify you as a visitor of our online offering as a target audience for displaying advertisements (Facebook Ads). We receive only statistical data from Facebook without any reference to specific individuals.
(2) Legal Basis for Data Processing
The legal basis for processing personal data using the Facebook Pixel for analysis purposes, given the user’s consent, is Article 6(1)(a) GDPR.
(3) Purpose of Data Processing
The collection of the above-mentioned data helps ensure that our Facebook ads correspond to the potential interests of users and are not annoying. Additionally, the Facebook Pixel enables us to measure the effectiveness of Facebook ads for statistical and market research purposes by determining whether users are redirected to our website after clicking on a Facebook ad.
(4) Duration of Storage
For information on the storage duration, please refer to Facebook’s Data Policy https://www.facebook.com/policy.php.
(5) Objection and Removal Options
You can object to the collection of data via the Facebook Pixel for the display of Facebook ads at any time. If you are logged into Facebook, you can adjust your ad settings independently at https://www.facebook.com/adpreferences/advertisers/. Refer to the guidelines on settings for usage-based advertising. If you do not want Facebook to directly associate the data collected through our website with your profile, you must log out of Facebook before visiting our website. You can also entirely prevent the loading of the Facebook Pixel using browser add-ons, such as the “NoScript” script blocker (https://noscript.net).
For more information about Facebook’s data privacy, we recommend visiting their Data Policy at https://www.facebook.com/policy.php.
VI. Newsletter
1. Description and Scope of Data Processing
On our website, it is possible to subscribe to a free newsletter. During the registration process, the data entered in the input form is transmitted to us.
The following data is collected:
- First name, last name
- Company
- Email address
- Street
- Postal code
- City
Additionally, the following data is collected during registration:
(1) Date and time of registration
During the registration process, your consent is obtained for processing the data, and reference is made to this privacy policy.
If you purchase goods or services on our website or submit a contact form and provide your email address, this may subsequently be used by us to send a newsletter. In such cases, the newsletter will exclusively contain direct advertising for our own similar goods or services.
There is no transfer of data to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.
2. Legal Basis for Data Processing
The legal basis for processing the data after the user subscribes to the newsletter is Article 6(1)(a) GDPR, provided the user's consent is obtained.
The legal basis for sending the newsletter as a result of the sale of goods or services is § 7(3) UWG (German Act Against Unfair Competition).
3. Purpose of Data Processing
The collection of the user's email address serves the purpose of delivering the newsletter.
The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.
4. Duration of Storage
The data is deleted as soon as it is no longer required for achieving the purpose for which it was collected. The user's email address will be stored as long as the newsletter subscription is active.
Other personal data collected during the registration process is usually deleted after a period of seven days.
5. Objection and Removal Options
The newsletter subscription can be canceled by the user at any time. A corresponding link is included in every newsletter for this purpose.
Canceling the subscription also revokes the consent for the storage of the personal data collected during the registration process.
VII. Factory Automation Studio
1. Description and Scope of Data Processing
Users of a trial or full version of the Factory Automation Studio must authenticate the version they are using by entering a license key provided by us. Once the license key is entered for the first time, it is cached. Upon initial entry and each time the Factory Automation Studio is launched, the license key and additional data for verification are transmitted to us. During the use of the Factory Automation Studio, the following data is collected, which is necessary for verifying license compliance:
- License key
- User domain name
- Computer name
- Windows username
- Country
- City
At the time of launching the Factory Automation Studio, the following data is also stored:
(1) Date and time of registration
As part of the installation process, user consent for the processing of this data is obtained through acceptance of the user agreement.
2. Legal Basis for Data Processing
Data processing is based on the user’s consent pursuant to Art. 6(1)(a) GDPR, as well as for the fulfillment of a contract pursuant to Art. 6(1)(b) GDPR.
Additionally, processing takes place in accordance with our legitimate interests pursuant to Art. 6(1)(f) GDPR, namely to ensure the proper use of our software products and to prevent misuse by verifying license compliance.
3. Purpose of Data Processing
The collection of the aforementioned data serves to verify the validity of the license used and to ensure compliance with the agreed terms of use.
Furthermore, it serves to protect our rights and prevent license violations or unlawful use.
4. Duration of Storage
The collected data is stored for a period of 90 days and then automatically deleted, unless legal retention obligations or other legitimate reasons require a longer storage period.
For example, extended storage may be necessary if the data is required for the fulfillment of a contract or to meet legal obligations.
5. Right to Object and Deletion Options
As a user, you have the right to object to the storage and processing of your data related to license verification at any time. Please note that an objection may result in the inability to perform license verification, and the software may no longer function properly.
Please also note that data storage is necessary to ensure license compliance, and deletion before the 90-day period is only possible if there are no legal or contractual retention obligations.
VIII. Registration
1. Description and Scope of Data Processing
On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input form, transmitted to us, and stored. The data will not be passed on to third parties. The following data is collected during the registration process:
- Salutation
- Title
- Name
- Company
- Department
- Position
- Street address
- Postal code
- City
- Telephone number
- Fax number
- Email address
At the time of starting the Factory Automation Studio, the following data is also stored:
(1) Date and time of program launch
During the installation process, the user's consent to the processing of this data is obtained by confirming the user agreement.
2. Legal Basis for Data Processing
The legal basis for processing the data is the user's consent in accordance with Article 6(1)(a) GDPR.
If the registration is carried out for the purpose of fulfilling a contract to which the user is a party or for taking pre-contractual measures, an additional legal basis for processing the data is Article 6(1)(b) GDPR.
3. Purpose of Data Processing
User registration is necessary to fulfill a contract with the user or to carry out pre-contractual measures.
The contract refers to the registration for our training courses, for which we require the user's personal data.
4. Duration of Data Storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
For data collected during the registration process for the fulfillment of a contract or pre-contractual measures, this is the case when the data is no longer necessary for the execution of the contract. Even after the contract has been fulfilled, there may be a necessity to store the personal data of the contractual partner in order to meet contractual or legal obligations.
5. Right to Object and Deletion
As a user, you may cancel your registration at any time. You may also request that your stored data be modified at any time.
If the data is required to fulfill a contract or to carry out pre-contractual measures, early deletion of the data is only possible provided that no contractual or legal obligations prevent such deletion.
IX. Contact Form and Email Contact
1. Description and Scope of Data Processing
Our website includes a contact form that can be used for electronic communication. If a user utilizes this option, the data entered into the input form is transmitted to us and stored. This data includes:
- Salutation
- Title
- Name
- Company
- Department
- Position
- Street
- Postal code
- City
- Phone
- Fax
At the time of message submission, the following data is also stored:
(1) Date and time of registration
During the submission process, the user's consent is obtained for processing the data, and reference is made to this privacy policy.
Alternatively, contact can be made via the provided email address. In this case, the user’s personal data transmitted with the email is stored.
No data is passed on to third parties in this context. The data is used exclusively for processing the conversation.
2. Legal Basis for Data Processing
The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent.
The legal basis for processing data transmitted in the course of sending an email is Article 6(1)(f) GDPR. If the email contact aims to conclude a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.
3. Purpose of Data Processing
The processing of personal data from the input form is solely for handling the contact request. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.
Other personal data processed during the submission process serves to prevent misuse of the contact form and ensure the security of our IT systems.
4. Duration of Storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data entered into the contact form and data sent via email, this is the case when the respective conversation with the user is concluded. A conversation is considered concluded when it can be inferred from the circumstances that the matter has been fully resolved.
Additional personal data collected during the submission process is deleted no later than seven days after collection.
5. Objection and Removal Options
The user may revoke their consent to process personal data at any time. If the user contacts us via email at widerruf@grollmus.de, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
X. Web Analysis Using Google Analytics
1. Scope of Processing of Personal Data
We use the Google Analytics software tool on our website to analyze user browsing behavior. The software places a cookie on the user’s computer (see the section on cookies above). When individual pages of our website are accessed, the following data is stored:
(1) Two bytes of the IP address of the user’s accessing system
(2) The accessed webpage
(3) The website from which the user reached the accessed webpage (referrer)
(4) The subpages accessed from the accessed webpage
(5) The time spent on the webpage
(6) The frequency of webpage access
The collected information is typically transferred to a Google server in the United States and stored there. However, due to IP anonymization on this website, the IP address is shortened before transfer in member states of the European Union or other contracting states to the Agreement on the European Economic Area. In exceptional cases, the full IP address may be transmitted to a Google server in the United States and shortened there.
Google does not merge the anonymized IP address transmitted by Google Analytics with other data.
To prevent the collection and processing of data generated by the cookie and related to your use of the website (including your IP address) by Google, you can download the browser plugin available at:
http://tools.google.com/dlpage/gaoptout?hl=de
The software is configured to mask two bytes of the IP address (e.g., 192.168.xxx.xxx). This prevents the shortened IP address from being attributed to the accessing computer.
2. Legal Basis for Processing Personal Data
The legal basis for processing the user’s personal data is Article 6(1)(f) GDPR.
3. Purpose of Data Processing
The processing of users’ personal data enables us to analyze their browsing behavior. By evaluating the obtained data, we can compile information about the usage of various components of our website. This helps us continuously improve our website and its user-friendliness.
This purpose also constitutes our legitimate interest in processing the data under Article 6(1)(f) GDPR. By anonymizing IP addresses, we adequately protect users' interests in safeguarding their personal data.
4. Duration of Storage
The data is deleted as soon as it is no longer needed for our recording purposes.
5. Objection and Removal Options
Cookies are stored on the user’s computer and transmitted to our site. As a user, you have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies already stored can be deleted at any time. This process can also be automated. If cookies are disabled for our website, it may not be possible to fully use all functions of the website.
For more information about terms of use and data protection, visit www.google.com/analytics/terms/de.html and www.google.de/intl/de/policies/. Please note that this website uses Google Analytics with the extension "anonymizeIp" to ensure anonymized collection of IP addresses (so-called IP masking).
XI. Transmission and Recipients of Personal Data
In the course of processing personal data, it may occur that data is transmitted to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. Recipients of such data may include, for example, payment institutions for transaction processing, IT service providers, or providers of services and content integrated into a website. In these cases, we comply with legal requirements and enter into contracts or agreements with the recipients of your data that specifically serve to protect your data.
We may also share your personal data with third parties when our services are offered or provided jointly with partners or service providers, such as in the context of online training sessions. In these cases, data is shared based on your consent, to perform a contract with you, or to safeguard our legitimate interests pursuant to Article 6(1)(a), (b), and/or (f) GDPR. Further information will be provided when you use the respective service or in connection with the specific processing activity.
Data Transmission Within the Organization:
We may transmit personal data to other entities, companies, legally independent organizational units, or individuals within our organization, or grant them access to this data. Data sharing within our organization, especially with affiliated companies, occurs for services we offer, such as online training sessions, for sales and marketing purposes based on our legitimate interests under Article 6(1)(f) GDPR.
When data sharing occurs for administrative purposes, it is based on our legitimate corporate and business interests (Article 6(1)(f) GDPR), the necessity to fulfill contractual obligations (Article 6(1)(b) GDPR), the consent of the data subject (Article 6(1)(a) GDPR), or a legal authorization.
XII. Rights of the Data Subject
If your personal data is processed, you are considered a data subject under the GDPR, and you have the following rights concerning the controller:
1. Right to Access
You have the right to request confirmation from the controller about whether personal data concerning you is being processed.
If such processing is taking place, you can request information about the following:
(1) The purposes of the processing;
(2) The categories of personal data processed;
(3) The recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) The planned duration of the storage of your personal data or, if specific information is not possible, criteria for determining the storage duration;
(5) The existence of rights to rectify, delete, or restrict the processing of your personal data, as well as the right to object to such processing;
(6) The existence of a right to lodge a complaint with a supervisory authority;
(7) All available information about the source of the data, if it was not collected from you;
(8) The existence of automated decision-making, including profiling, under Article 22(1) and (4) GDPR and, at least in such cases, meaningful information about the logic involved, as well as the significance and anticipated consequences of such processing.
You also have the right to request information about whether your personal data is transferred to a third country or an international organization. In this context, you may request information about the appropriate safeguards pursuant to Article 46 GDPR.
2. Right to Rectification
You have the right to request that the controller correct or complete any inaccurate or incomplete personal data concerning you. The controller must make the correction without undue delay.
3. Right to Restriction of Processing
You can request the restriction of processing of your personal data under the following conditions:
(1) You contest the accuracy of your personal data for a period that allows the controller to verify its accuracy;
(2) The processing is unlawful, and you oppose the deletion of the data, requesting instead the restriction of its use;
(3) The controller no longer needs the data for processing purposes, but you require it for establishing, exercising, or defending legal claims;
(4) You object to the processing pursuant to Article 21(1) GDPR and verification of whether the controller’s legitimate grounds override yours is pending.
Where processing has been restricted, the data may only be processed, except for storage, with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
You will be informed by the controller before any restriction is lifted.
4. Right to Erasure (Right to Be Forgotten)
a) Obligation to Delete
You have the right to request that the controller delete your personal data without undue delay, and the controller is obligated to delete such data if any of the following apply:
(1) The data is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing was based under Article 6(1)(a) or Article 9(2)(a) GDPR, and no other legal basis exists for the processing.
(3) You object to processing under Article 21(1) GDPR and there are no overriding legitimate grounds for processing, or you object under Article 21(2) GDPR.
(4) Your personal data was unlawfully processed.
(5) The data must be erased to comply with a legal obligation under Union or Member State law.
(6) The data was collected in relation to the offer of information society services under Article 8(1) GDPR.
b) Information to Third Parties
If the controller has made your personal data public and is obligated to delete it under Article 17(1) GDPR, the controller must take reasonable measures, including technical ones, to inform processors of your request to delete all links to, copies, or replications of that personal data.
c) Exceptions
The right to erasure does not apply where processing is necessary for:
(1) Exercising the right of freedom of expression and information;
(2) Compliance with a legal obligation requiring processing under Union or Member State law;
(3) Public interest reasons in public health under Article 9(2)(h) and (i) and Article 9(3) GDPR;
(4) Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes under Article 89(1) GDPR, where the right to erasure would seriously impair the achievement of the processing's objectives;
(5) Establishing, exercising, or defending legal claims.
5. Right to Notification
If you have exercised your right to rectification, erasure, or restriction of processing, the controller must communicate this to all recipients of your personal data unless this proves impossible or involves disproportionate effort.
You also have the right to be informed about these recipients.
6. Right to Data Portability
You have the right to receive the personal data you provided to the controller in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance, provided:
(1) The processing is based on consent under Article 6(1)(a) or Article 9(2)(a) GDPR or a contract under Article 6(1)(b) GDPR, and
(2) The processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, including profiling based on these provisions.
The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You also have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.
8. Right to Withdraw the Declaration of Consent under Data Protection Law
You have the right to withdraw your consent to data processing at any time. This does not affect the lawfulness of processing carried out based on your consent before its withdrawal.
9. Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) Is necessary for entering into, or the performance of, a contract between you and the controller;
(2) Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) Is based on your explicit consent.
Such decisions must not be based on special categories of personal data under Article 9(1) GDPR unless Article 9(2)(a) or (g) GDPR applies, and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
For cases referred to in (1) and (3), the controller shall implement appropriate measures to safeguard your rights and freedoms and legitimate interests. At a minimum, these include the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, workplace, or the place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform you of the progress and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.