Skip to content

Privacy Policy

Status: March 2024

The protection of your personal data is important to us. We have taken all technical and organisational measures to ensure that we and our service providers comply with the data protection regulations in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other legal regulations.

The following information on data protection is intended to inform you about our handling of the collection, use, processing and disclosure of your personal data.

1. Name and address of the controller and scope of application

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is

RLE Mobility GmbH (hereinafter referred to as RLE)
Brodhausen 1
51491 Overath

Phone + +49 (0) 22 04 | 97 25-0
mobility@rle.de

This data protection notice applies to the website that can be accessed under the domain https://rle-mobility.de/ as well as the various subdomains and associated domains (hereinafter referred to as “RLE Mobility websites” or “this website”).

2. Contact details of the data protection officer

If you have any further questions about the collection, processing and use of your personal data, please contact our data protection officer: 

PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 Munich
Munich, Germany

E-mail: datenschutzbeauftragter@datenschutzexperte.de

3. Definitions

RLE’s data protection information is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection information should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms, among others, in this data protection notice:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the personal data.

k) Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4 Use of the RLE Mobility websites

a.    Scope of the processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • (1) Information about the browser type and version used
  • (2) The IP address of the user (only anonymised)
  • (3) Date and time of access
  • (4) Request method, URL called up and version of the HTTP protocol
  • (5) Result value of the request (HTTP status code) and the size of the request
  • (6) Websites from which the user’s system accesses our website
  • (7) Websites that are accessed by the user’s system via our website

The data is also stored in the log files of our system. This does not affect the user’s IP addresses or other data that allows the data to be assigned to a user. This data is not stored together with other personal data of the user or is only stored in anonymised form.

b.    Legal basis

The legal basis for the temporary storage of data is the legitimate interest (Art. 6 para. 1 lit. f GDPR).

c.    Purpose of the processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

d.    Duration of storage

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after 60 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.

e.    Objection and removal options

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

5. web analysis through Google Analytics 4

a.    Scope of the processing

We use Google Analytics 4 on our website, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), with which the use of websites can be analysed.

The software places a cookie on the user’s computer (for cookies, see above). If individual pages of our website are accessed, the following data is stored

  • Two bytes of the IP address of the user’s accessing system
  • The website accessed
  • The website from which the user accessed the website (referrer)
  • The subpages that are accessed from the accessed website
  • The time spent on the website
  • The frequency with which the website is accessed

The software runs exclusively on the servers of RLE or on the servers of contracted service providers. Users’ personal data is only stored there. The data is not passed on to third parties.

The software is set so that the IP addresses are not stored in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.

b.    Legal basis

The legal basis for the processing of the data is your explicit consent (Art. 6 para. 1 lit. a GDPR) of the user (based on the cookie settings) for the collection of user-related statistical analyses. All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the end device you use to access the website, will only take place if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. Without your consent, Google Analytics 4 will not be used during your use of the website.

c.    Purpose of the data processing

The processing of users’ personal data enables us to analyse the surfing behaviour of our users. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR. By anonymising the IP address, the interest of users in the protection of their personal data is adequately taken into account.

d.    Duration of storage

The data will be deleted as soon as it is no longer required for our recording purposes.

Exact time of automated deletion: 14 months after recording.

e.    Possibility of objection and removal

Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

f.     Further information

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics 4 from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics 4 can be deleted at any time via an Internet browser or other software programmes.

Furthermore, the data subject has the option of objecting to and preventing the collection of data generated by Google Analytics 4 relating to the use of this website. To do this, the data subject must set “Do Not Track” in their browser.

With the setting of the opt-out cookie, however, there is the possibility that the websites of the controller are no longer fully usable for the data subject.

In connection with this website, the “UserIDs” function is also used as an extension of Google Analytics 4. By assigning individual UserIDs, we can have Google create cross-device reports (so-called “cross-device tracking”). This means that if you have given your consent to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a GDPR, your usage behaviour can also be analysed across devices if you have set up a personal account by registering on this website and are logged in to your personal account on different devices with your relevant login data. The data collected in this way shows, among other things, on which device you clicked on an advert for the first time and on which device the relevant conversion took place.

We have concluded a so-called order processing contract with Google for our use of Google Analytics 4, which obliges Google to protect the data of our website users and not to pass it on to third parties.

As it is possible for Google to transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found at the following link https://policies.google.com/privacy

Details on the processing triggered by Google Analytics 4 and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

6 Use of cookies on the websites of RLE Mobility

a.    Scope of processing

The RLE Mobility websites use cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

All details on the use of cookies can be viewed via the integrated tool. The “Cookie Policy” link (https://rle-mobility.de/cookie-policy-eu/ ) lists all cookies grouped by category. Non-essential cookies are deactivated by default in accordance with the privacy-by-default principle.

The following screenshots show the tool on the start screen when the website is first accessed and in the privacy settings with detailed information on all cookies.

The cookies are divided into the following categories:

Technically necessary (“Necessary”)

These are strictly necessary cookies that are required to enable you to move around a website and use its features. Without these cookies, some functionalities cannot be guaranteed.

Performance (“Statistics”)

Performance cookies collect information about how a website is used – for example, which pages a visitor accesses most frequently and whether they receive error messages from a page. These cookies do not store any information that allows the user to be identified. The information collected is aggregated and therefore analysed anonymously. These cookies are used exclusively to improve the performance of a website and thus the user experience.

Third-party providers (“marketing”)

Third-party cookies are created by embedded plugins or add-ons on our website.

b.    Legal basis

The legal basis for the processing of personal data using technically necessary cookies is legitimate interest (Art. 6 para. 1 lit. f GDPR).

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given consent to this.

c.    Purpose of the processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

The user data collected by technically necessary cookies is not used to create user profiles.

Performance cookies are used for the purpose of improving the quality of our website and its content. These statistics tell us how the website is used and enable us to constantly optimise our offering.

d.    Duration of storage

Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

The preset expiry time and further information on the respective cookies can be found in the list of the tool as described in the process.

e.    Further options for restriction by the user

Users can also take the following steps to switch on the “Do-Not-Track” function in common browsers:

Firefox:

https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Chrome:

https://support.google.com/chrome/answer/2790761

Edge:

https://privacy.microsoft.com/de-de/windows-10-microsoft-edge-and-privacy

Tracking Prevention in Microsoft Edge (Chromium) – Microsoft Edge Development | Microsoft Docs

Safari:

https://support.apple.com/de-de/guide/safari/sfri40732/mac

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:

Firefox:

https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome:

http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Safari:

https://support.apple.com/de-de/guide/safari/ibrw850f6c51/mac

Please note that if you do not accept cookies, the functionality of our website may be limited.

7 Use of the contact form on the websites of RLE Mobility GmbH

a.    Scope of the processing

There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are

  • Name
  • E-mail address
  • Message

The following data is also stored at the time the message is sent:

  • Alternatively, it is possible to contact us via the e-mail addresses provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation

b.    Legal basis

The legal basis for the processing of the data is the legitimate interest (Art. 6 para. 1 lit. f GDPR).

The legal basis for the processing of data transmitted in the course of sending an e-mail is also the legitimate interest (Art. 6 para. 1 lit. f GDPR). If the e-mail contact is aimed at the conclusion of a contract, the legal basis for the processing is the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

c.    Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

d.    Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Objection and removal options

The user has the option to object to the storage of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

8. data security

RLE and all processors used maintain up-to-date technical and organisational measures (“TOM”) to ensure data security, in particular to protect your personal data from risks during data transfers and from third parties gaining knowledge of it. These are adapted to the current state of the art.

9. Technical and organisational measures (“TOM”)

A detailed overview of the current technical and organisational measures used for the respective data processing can be provided at any time on request.

10. hosting and subcontractors

a. Overview of the processors

Company Incl. addressProcessing / PurposeType of dataLocation of
data storage
Categories of
affected parties
WEBEMPRESA  C/ Almagro 11 6º 7ª 1 . 28010 MadridStorage of data for website hostingWebsite DataSpainUser of the Website
     

b.    Further information on Webempresa

RLE uses the services of the company “Webempresa, C/ Almagro 11 6º 7ª 1 . 28010 Madrid” to operate the websites at https://rle-mobility.de/

A web hosting provider provides the technical infrastructure, such as servers, databases, web space, FTP access and similar, which are required to operate a website. This means that personal data collected directly by RLE in the course of visiting the RLE Mobility websites is stored in databases whose infrastructure is provided by Webempresa.

Webempresa’s privacy policy can be viewed at https://www.webempresa.com/aviso-legal.html

11. Transfer of data to third parties or to a third country

Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and to comply with the provisions of the current data protection laws. Access to personal data by our employees is restricted to those employees who require the respective data due to their professional duties.

12. Links

If you use external links that are offered on our website, this data protection declaration does not extend to these links.

If we offer links to other websites, we endeavour to ensure that these also comply with our data protection and security standards. However, we have no influence on compliance with data protection and security regulations by other providers. Therefore, please inform yourself on the websites of the other providers about the data protection declarations provided there.

13. Your rights / rights of the data subjects

The following list includes all rights of data subjects under the GDPR. Rights that are not relevant to your own website do not have to be mentioned. In this respect, the list can be shortened.

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

a.    Right to information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing is taking place, you can request the following information from the controller:

  • (1) the purposes for which the personal data are processed;
  • (2) the categories of personal data being processed
  • (3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
  • (4) the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period;
  • (5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
  • (6) the existence of a right to lodge a complaint with a supervisory authority
  • (7) all available information about the origin of the data if the personal data is not collected from the data subject
  • (8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

b.    Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must carry out the rectification without undue delay.

c.    Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions

  • (1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  • (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
  • (3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
  • (4) if you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

d.    Right to erasure

a) Obligation to erase

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • (1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • (2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
  • (3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  • (4) The personal data concerning you has been processed unlawfully.
  • (5) The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • (6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not apply if the processing is necessary

  • (1) for exercising the right of freedom of expression and information;
  • (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • (3) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
  • (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  • (5) for the establishment, exercise or defence of legal claims.

e.    Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis the controller to be informed about these recipients.

f.     Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

  • (1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
  • (2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g.    Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.

h.    Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

i.      Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • (1) is necessary for the conclusion or fulfilment of a contract between you and the controller
  • (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • (3) with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

As a responsible company, we do not use automated decision-making or profiling.

j. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

14. Miscellaneous

Parts of this Privacy Policy have been generated by the Privacy Policy Generator of the DGD – Your External DPO that was developed in cooperation with German Lawyers from WILDE BEUGER SOLMECKE, Cologne.

15. amendment of our data protection provisions

We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments or legal changes. In such cases, we will also adapt our data protection information accordingly. Please therefore refer to the latest version of our data protection policy.