Kienast & Holzner - Hochpräzise Drehteile

PRIVACY POLICY

Introduction

With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter also referred to briefly as “data”) that we process, the purposes of processing, and the extent of such processing. This privacy policy applies to all processing of personal data conducted by us, both in the context of providing our services and on our website, as well as on external online presences, such as job platforms (e.g.: willhaben) (hereinafter collectively referred to as the “online offering”).

Terms used in this policy are not gender specific. As of 2023

Controller

Managing Director: Joachim Venus Kienast & Holzner GmbH & CoKG
Seeböckgasse 4, 1160 Vienna, Austria

Authorized representative and data protection officer: Joachim Venus Email address: office@kienast-holzner.com See imprint (imprint can be found on the website).

Website: www.kienast-holzner.com

Types of Processed Data

The following overview summarizes the types of data processed, the purposes of their processing, and the individuals affected:

1. Inventory Data

2. Contact Data

3. Content Data

4. Usage Data

5. Meta-/Communication Data

6. Applicant Data

Categories of Affected Persons

1. Customers

2. Employees

3. Prospective Customers

4. Communication Partners

5. Users

6. Applicants

Purposes of Processing

1. Handling of Contact Inquiries and Communication

2. Security Measures

3. Office and Organizational Procedures

4. Management and Response to Inquiries

5. Application Procedures

6. Feedback

7. Information Technology Infrastructure

Relevant Legal Bases

Below, you will find an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please be aware that, in addition to the provisions of the GDPR, national data protection regulations in your respective country of residence or establishment may apply. If more specific legal bases are relevant in individual cases, we will inform you of such in the privacy policy.

1. Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for specific purposes or multiple specified purposes.

2. Contractual Performance and Pre-contractual Inquiries (Art. 6(1)(b) GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party or for taking pre-contractual steps at the data subject’s request.

3. Legitimate Interests (Art. 6(1)(f) GDPR) – The processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data.

In addition to the data protection regulations of the GDPR, national data protection laws in Austria apply. This includes the Federal Act on the Protection of Individuals regarding the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains specific provisions, especially concerning the right to information, the right to rectification or erasure, the processing of special categories of personal data, processing for other purposes, transmission, and automated individual decision-making.

Security Measures

We implement appropriate technical and organizational measures, in accordance with legal requirements and considering the state of the art, implementation costs, the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

These measures particularly include safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as the related access, input, disclosure, availability, and separation of the data. Moreover, we have established procedures to ensure the exercise of data subject rights, the erasure of data, and responses to data threats. Additionally, we take data protection into account when developing or selecting hardware, software, and procedures, following the principle of privacy by design and privacy-friendly default settings.

SSL Encryption (https): To protect data transmitted via our online offering, we use SSL encryption. You can recognize such encrypted connections by the “https://” prefix in the address bar of your browser.

Transmission of Personal Data

During our processing of personal data, it may be necessary to transmit or disclose the data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include IT service providers entrusted with specific tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, enter into appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place in the context of using services from third parties or disclosing/transmitting data to other individuals, entities, or organizations, we do so in accordance with legal requirements.

Subject to explicit consent or contractual or legal requirements for transmission, we only process or allow the processing of data in third countries with a recognized level of data protection. This can be achieved through contractual obligations based on so-called EU Commission’s standard data protection clauses, certifications, or binding corporate rules (Articles 44 to 49 of the GDPR). For more information, you can visit the EU Commission’s information page:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en.

Deletion of Data

The data we process will be deleted in accordance with legal requirements once the consent for their processing is revoked or other permissions no longer apply (e.g., when the purpose for processing such data has ceased to exist or when they are no longer necessary for the intended purpose). If the data is not deleted because it is required for other lawful purposes, its processing will be restricted to those specific purposes. This means the data will be blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or for data whose storage is necessary for the assertion, exercise, or defence of legal claims, or to protect the rights of another natural or legal person.

In our privacy policy, we may provide users with additional information about the deletion and retention of data, specifically applicable to the respective processing processes.

Use of Cookies

Cookies are small text files or other storage information that store and retrieve data on end devices. For example, they may store login status in a user account, shopping cart contents in an online shop, or information about accessed content and utilized features of an online offering. Cookies can serve various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as analysing visitor traffic.

Consent Information: We use cookies in compliance with legal regulations. Therefore, we obtain prior consent from users, unless it is not legally required. Consent is not necessary when storing and retrieving information, including cookies, is strictly necessary to provide users with a tele media service (i.e., our online offering) explicitly requested by them. Revocable consent is clearly communicated to users and includes information about the respective cookie usage.

Information about Data Protection Legal Bases: The processing of users’ personal data by cookies depends on whether we ask users for their consent. If users give their consent, the legal basis for processing their data is the stated consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the efficient operation of our online offering and improving its usability) or, if the use of cookies is necessary for fulfilling our contractual obligations, the processing is based on fulfilling those contractual obligations. The specific purposes for which we process cookies will be clarified in this privacy policy or as part of our consent and processing procedures.

Storage Duration: Regarding storage duration, the following types of cookies are distinguished:

1. Temporary Cookies (also known as Session or Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).

2. Persistent Cookies: Persistent cookies remain stored even after closing the end device. For example, login status or preferred content can be saved and displayed directly when the user revisits a website. Data collected from users through cookies can also be used for audience measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are persistent, and the storage duration may be up to two years.

General Information about Withdrawal and Objection (Opt-Out): Users can revoke their given consent at any time and object to the processing in accordance with the legal requirements of Article 21 of the GDPR. Users can declare their objection through the settings of their browser, for example, by deactivating the use of cookies (though this may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared through the websites:

https://optout.aboutads.info and https://www.youronlinechoices.com/.

Further Information on Processing Processes, Procedures, and Services:

Processing of Cookie Data Based on Consent: We use a cookie consent management system, within which users’ consent to the use of cookies, as well as the processing and providers mentioned in the context of the cookie consent management process, can be obtained, managed, and revoked by the users. The consent declaration is stored to avoid repeating the consent request and to comply with legal obligations to provide evidence of consent. This storage can be done server-side and/or in a cookie (known as an opt-in cookie or using similar technologies) to associate the consent with a user or their device. Subject to individual information about the providers of cookie management services, the following notes apply: The duration of consent storage can be up to two years. A pseudonymous user identifier is created, and the time of consent, details of the scope of consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and device used, are stored.

Provision of the Online Offering and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

Processed Data Types: Usage Data (e.g., visited web pages, interest in content, access times); Meta-/Communication Data (e.g., device information, IP addresses). Data Subjects: Users (e.g., website visitors, users of online services). Purposes of Processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices, such as computers, servers, etc.); Security measures. Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).

Further Information on Processing Processes, Procedures, and Services:

Provision of Online Offering on Rented Server Space: For the provision of our online offering, we use server space, computing capacity, and software that we rent or obtain from a corresponding server provider (also known as “web hoster”); Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR).

Collection of Access Data and Log Files: Access to our online offering is logged in the form of “server log files.” Server log files may include the address and name of accessed web pages and files, date, and time of access, transferred data volume, indication of successful access, browser type and version, user’s operating system, referrer URL (previously visited page), and usually IP addresses and the requesting provider. Server log files can be used for security purposes, such as avoiding server overload (especially in the case of abusive attacks, known as DDoS attacks), and for ensuring the server’s load and stability; Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR); Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidentiary purposes is exempted from deletion until the final clarification of the respective incident.

Contact and Inquiry Management

When contacting us (e.g., via contact form, email, telephone, or social media) or in the context of existing user and business relationships, the information provided by the inquiring individuals will be processed to the extent necessary to respond to the contact inquiries and any requested measures.

The response to contact inquiries and the management of contact and inquiry data within the scope of contractual or pre-contractual relationships is carried out to fulfil our contractual obligations or to respond to (pre-)contractual inquiries. Furthermore, it is based on the legitimate interests in answering inquiries and maintaining user or business relationships.

Processed Data Types: Contact Details (e.g., email, phone numbers); Content Data (e.g., input in online forms); Usage Data (e.g., visited web pages, interest in content, access times); Meta-/Communication Data (e.g., device information, IP addresses). Data Subjects: Communication Partners. Purposes of Processing: Provision of contractual services and customer support; Handling of contact inquiries and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness. Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Further Information on Processing Processes, Procedures, and Services:

Contact Form: When users contact us through our contact form, email, or other communication channels, we process the data provided to us in this context to handle the respective inquiry. For this purpose, we process personal data in the context of pre-contractual and contractual business relationships, to the extent necessary for their fulfilment, and based on our legitimate interests as well as the interests of the communication partners in responding to inquiries and fulfilling our legal retention obligations; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Application Process

The application process requires applicants to provide us with the necessary data for their evaluation and selection. The information required is specified in the job description or, in the case of online forms, indicated therein.

In general, the required information includes personal details such as name, address, contact information, as well as evidence of the qualifications necessary for the position. Upon request, we are happy to provide additional information about the required details.

If provided, applicants can submit their applications through an online form. The data is transmitted to us encrypted in accordance with the state of the art. Applicants can also send their applications via email. However, please note that emails sent over the internet are generally not encrypted. While emails are typically encrypted during transmission, they are not encrypted on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission of the application between the sender and our server.

For applicant search, receiving applications, and selecting candidates, we may use applicant management or recruitment software and platforms, as well as services provided by third-party providers, while complying with legal requirements.

Applicants are welcome to contact us to inquire about the preferred method of submitting their applications or to send their applications by postal mail.

Processing of Special Categories of Data:

If special categories of personal data within the meaning of Art. 9(1) GDPR (e.g., health data, such as severe disability status or ethnic origin) are requested from applicants as part of the application process, this processing is carried out in accordance with Art. 9(2)(b) GDPR, for the purposes of exercising rights and fulfilling obligations in the field of employment law, social security, and social protection, by the data controller or the data subject. Alternatively, such processing may be based on Art. 9(2)(c) GDPR for the protection of vital interests of the applicants or other persons, or for the purposes of preventive or occupational medicine, the assessment of the applicant’s working capacity, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services under Art. 9(2)(h) GDPR. In the event of voluntary consent for the disclosure of special categories of data, the processing is based on Art. 9(2)(a) GDPR.

Deletion of Data:

The data provided by applicants can be further processed for the purpose of employment if the application is successful. Otherwise, if the application for a job offer is not successful, the applicant’s data will be deleted. Applicants also have the right to withdraw their application at any time, in which case their data will be deleted. Deletion will take place, subject to any justified revocation by the applicant, no later than six months after the application process to allow us to respond to any follow-up questions related to the application and to fulfil our obligations under equal treatment regulations for applicants. Invoices for any reimbursement of travel expenses will be archived in accordance with tax regulations.

Inclusion in an Applicant Pool:

Inclusion in an applicant pool, if offered, is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, will not affect the ongoing application process, and can be revoked at any time for the future.

Processed Data Categories:

• Basic data (e.g., names, addresses)

• Contact details (e.g., email, phone numbers)

• Content data (e.g., entries in online forms)

• Applicant data (e.g., personal information, postal and contact addresses, application documents, such as cover letters, resumes, certificates, and any other information voluntarily provided by applicants regarding their person or qualifications).

Affected Persons: Applicants.

Purposes of Processing: Application process (establishment and possible subsequent implementation and termination of the employment relationship).

Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Cloud Services:

We use internet-accessible software services (commonly known as “Cloud Services” or “Software as a Service”) for the following purposes: document storage and management, calendar management, email sending, spreadsheets, and presentations, sharing documents, content, and information with specific recipients or publishing web pages, forms, or other content and information, as well as engaging in chats and participating in audio and video conferences.

Within this framework, personal data may be processed and stored on the servers of the providers to the extent that they are part of communication processes with us or are otherwise processed by us as outlined in this privacy policy. This data may include user master data and contact details, data on processes, contracts, and other procedures, and their contents. The providers of cloud services also process usage data and metadata that they use for security purposes and service optimization.

If we use the cloud services to provide forms or other documents and content for other users or publicly accessible websites, the providers may store cookies on the users’ devices for web analysis purposes or to remember user settings (e.g., media control settings).

Processed Data Categories:

• Basic data (e.g., names, addresses)

• Contact details (e.g., email, phone numbers)

• Content data (e.g., entries in online forms)

• Usage data (e.g., visited websites, interest in content, access times)

• Meta/communication data (e.g., device information, IP addresses)

• Image and/or video recordings (e.g., photographs or video recordings of a person)

Affected Persons: Customers, Employees (e.g., employees, applicants, former employees), Prospects, Communication Partners

Purposes of Processing: Office and organizational procedures, Information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.), Provision of contractual services and customer services.

Legal Basis: Fulfilment of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Adobe Creative Cloud: Applications and cloud storage for photo editing, video editing, graphic design, and web development; Service provider: Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.adobe.com/de/creativecloud.html ; Privacy policy: https://www.adobe.com/de/privacy.html ; Data processing agreement: Provided by the service provider; Standard contractual clauses (ensuring data protection level for processing in third countries): Included in the data processing agreement.

Dropbox: Cloud storage service; Service provider: Dropbox, Inc., 333 Brannan Street, San Francisco, California 94107, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.dropbox.com/de ; Privacy policy: https://www.dropbox.com/privacy ; Data processing agreement: https://assets.dropbox.com/ documents/en/legal/dfb-data-processing-agreement.pdf ; Standard contractual clauses (ensuring data protection level for processing in third countries): https://assets.dropbox.com/ ocuments/en/legal/dfb-data-processing-agreement.pdf.

Google Cloud Storage: Cloud storage, cloud infrastructure services, and cloud-based application software; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://cloud.google.com/ ; Privacy policy: https://policies.google.com/privacy ; Data processing agreement: https://cloud.google.com/terms/data-processing-terms ; Standard contractual clauses (ensuring data protection level for processing in third countries): https://cloud.google.com/terms/eu-model-contract-clause ; Additional information: https://cloud.google.com/privacy .

Web Analysis, Monitoring, and Optimization:

Web analysis (also known as “reach measurement”) is used to evaluate the visitor traffic on our online offering and may include behaviour, interests, or demographic information about the visitors, such as age or gender, in pseudonymous form. Through the reach analysis, we can, for example, determine the times when our online offering or its features or content are most frequently used or call for improvements. Likewise, we can identify areas that require optimization.

In addition to web analysis, we may also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes, and information can be stored and read from a browser or an end device. The information collected includes visited web pages and elements used there, as well as technical information such as the browser used and the computer system used, as well as information about usage times. If users have agreed to the collection of their location data, either to us or to the providers of the services we use, location data may also be processed.

We also store users’ IP addresses. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, within the scope of web analysis, A/B testing, and optimization, no clear data of users (such as email addresses or names) are stored, but pseudonyms are used. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Processed Data Types: Usage data (e.g., visited web pages, interests in content, access times); Meta/communication data (e.g., device information, IP addresses). Affected Individuals: Users (e.g., website visitors, users of online services). Purposes of Processing: Reach measurement (e.g., access statistics, recognition of recurring visitors); Profiles with user-related information (creation of user profiles); Tracking (e.g., interest/behavior-based profiling, use of cookies); Provision of our online offering and user-friendliness. Security Measures: IP masking (pseudonymization of the IP address). Legal Basis: Consent (Art. 6 para. 1 lit. a) GDPR).

Further Information on Processing Procedures, Processes, and Services:

Adobe Analytics: Adobe Analytics; Service provider: Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland; Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR); Website: https://www.adobe.com/de /analytics/adobe-analytics.html ; Privacy Policy: https://www.adobe.com/de/ privacy.html .

Google Analytics: Web analysis, reach measurement, and measurement of user flows; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/ ; Privacy Policy: https://policies.google.com/privacy ; https://business.safety.google/ adsprocessorterms ; Standard Contractual Clauses (Ensuring Data Protection Level for Processing in Third Countries): https://business.safety.google/adsprocessorterms ; Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en , Settings for Displaying Advertisements: https://adssettings.google.com/authenticated ; Further Information: https://privacy.google.com/businesses/adsservices (types of processing and processed data).

Plugins, embedded functions, and contents

In our online offering, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These elements may include graphics, videos, or maps (hereinafter collectively referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the presentation of this content or functionality. We make every effort to use only content from providers who use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” allow the evaluation of information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users’ device and may contain technical information about the browser and operating system, referring websites, visit times, and other information about the use of our online offering, as well as be combined with such information from other sources.

Processed data types: Usage data (e.g., visited websites, interest in content, access times); Meta-/communication data (e.g., device information, IP addresses); Master data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Event data (Facebook) (“Event data” refers to data that can be transmitted to Facebook by us via Facebook pixel (via apps or other means) and relate to individuals or their actions. This data includes information about visits to websites, interactions with content, features, app installations, product purchases, etc. Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences). Event data does not include the actual content (such as posted comments), login information, or contact information (i.e., no names, email addresses, and phone numbers). Event data is deleted by Facebook after a maximum of two years, and target groups formed from this data are deleted with the deletion of our Facebook account).

Affected individuals: Users (e.g., website visitors, users of online services). Purposes of processing: Provision of our online offering and user-friendliness; Creation of user profiles with user-related information; Marketing. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR).

Integration of third-party software, scripts, or frameworks (e.g., jQuery): We integrate software into our online offering that we retrieve from servers of other providers (e.g., function libraries that we use for the presentation or user-friendliness of our online offering). In this process, the respective providers collect the IP address of users and may process it for the purpose of transmitting the software to the users’ browsers, as well as for security, evaluation, and optimization of their offering. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy.

YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://www.youtube.com ; Privacy Policy: https://policies.google.com/privacy ; Opt-Out possibility (Opt-Out): Opt-Out plugin: https://tools.google.com/dlpage/gaoptout?hl=en , Settings for displaying advertisements: https://adssettings.google.com/authenticated.

Vimeo: Video content; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://vimeo.com ; Privacy Policy: https://vimeo.com/privacy ; Opt-Out possibility (Opt-Out): We would like to point out that Vimeo may use Google Analytics, and we refer to the privacy policy (https://policies.google.com/privacy ) and the opt-out options for Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=en ) or the settings of Google for data use for marketing purposes (https://adssettings.google.com /).

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will update the privacy policy as necessary when changes to the data processing we conduct require it. We will inform you when such changes require your action (e.g., consent) or any other individual notification.

Please note that if we provide addresses and contact information of companies and organizations in this privacy policy, these details may change over time. Therefore, we ask you to verify the information before contacting them.

As an affected person under the GDPR, you have various rights as provided in Articles 15 to 21 of the GDPR:

Right to Object: You have the right to object at any time, on grounds relating to your situation, to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to Withdraw Consent: If you have given your consent for certain data processing activities, you have the right to withdraw your consent at any time.

Right to Information: You have the right to obtain confirmation as to whether personal data concerning you is being processed and, if so, the right to access such personal data and receive additional information according to legal requirements.

Right to Rectification: You have the right to request the completion of incomplete personal data or the rectification of inaccurate personal data concerning you according to legal requirements.

Right to Erasure and Restriction of Processing: You have the right, subject to legal requirements, to demand the immediate deletion of personal data concerning you, or alternatively, the restriction of processing of such data.

Right to Data Portability: You have the right to receive the personal data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller according to legal requirements.

Right to Lodge a Complaint: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State where you are habitually resident, your place of work, or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

Please note that these rights are subject to certain conditions and exceptions as specified in the GDPR. If you have any questions or wish to exercise any of these rights, please contact us using the provided contact details in this privacy policy.