Data Protection Declaration

Thank you for your interest in our company. In principle, it is possible to use our website without providing any personal data. However, if a data subject wants to make use of certain company services via our website, it may be necessary to process his or her personal data.
The aim of this privacy policy is to inform the public about the nature, scope and purpose of the personal data that we collect, use and process. This privacy policy also explains the rights that data subjects have.

1. Definitions

1) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2) Data subject
A data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for processing.

3) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

5) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7) Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.

10) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1. Name and address of the controller
   The controller within the meaning of the General Data Protection Regulation and other national data protection laws in the Member States and other data protection regulations is:
   Eutect GmbH
   Managing director:
   Matthias Fehrenbach
   Filsenbergstrasse 10
   72144 Dusslingen
   Germany
   Tel.: +49 (0) 7072-92890-0
   Fax: +49 (0) 7072-92890-92
   Email: info@eutect.de
   Website: www.eutect.de

III. Name and address of the data protection officer
The controller’s data protection officer is:
Lothar Dieter
c/o Eutect GmbH
Filsenbergstrasse 10
72144 Dusslingen
Germany
Tel.: +49 (0) 7072-92890-21
Email: datenschutz@eutect.de

1. Scope of the processing of personal data
   In principle, we process the personal data of our users only when this is necessary for the provision of a functioning website and its content and services.
2. Legal bases for the processing of personal data
   Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis, provided that we obtain consent from the data subject to carry out processing operations on his or her personal data.
   For the processing of personal data that is necessary for the performance of a contract to which the data subject is party, the legal basis is Article 6 (1) (b) GDPR. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract.
   If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is Article 6 (1) (c) GDPR.
   In the event that the vital interests of the data subject or of another natural person make the processing of personal data necessary, Article 6 (1) (d) GDPR serves as the legal basis.
   If processing is necessary for the purposes of safeguarding the legitimate interests pursued by our company or a third party and if the interests and fundamental rights and freedoms of the data subject do not override the former interest, Article 6 (1) (f) GDPR serves as the legal basis.
3. Data erasure and storage period
   The personal data of the data subject are erased or made inaccessible as soon as the purpose of the storage no longer applies. Data can also be stored if this has been provided for by European or national legislators in Union regulations, laws or other requirements to which the controller is subject. The data are also made inaccessible or erased when the storage period, specified by the standards referred to, has elapsed, unless further storage of the data is necessary for entering into or performance of a contract.

VII. Transfer of data to third parties
As a basic principle, your personal data are not transferred to third parties for any purpose other than those listed below.
We disclose your personal data to third parties only if:
• you have given your explicit consent in accordance with Article 6 (1) sentence 1 (a) GDPR for us to do so;
• it is necessary in accordance with Article 6 (1) sentence 1 (f) GDPR to disclose the data for the establishment, exercise or defence of legal claims and if there are no reasons to consider that you have an overriding legitimate interest in the non-disclosure of your data;
• there is a legal obligation to disclose the data in accordance with Article 6 (1) sentence 1 (c) GDPR;
• this is permitted by law and is necessary in accordance with Article 6 (1) sentence 1 (b) GDPR for the performance of a contract to which you are party.

VIII. Description and scope of the data processing

1. Requesting the website
2. Description and scope of the data processing
   Every time our website is requested, our system automatically records data and information from the computer system on the requesting computer.
   The following data are collected during this process:
   (1) Information about the browser type and version used;
   (2) The user’s operating system;
   (3) The user’s internet service provider;
   (4) The user’s IP address;
   (5) Date and time the website is accessed;
   (6) Websites which directed the user’s system to our website;
   (7) Websites that the user’s system requests via our website.

The log files contain IP addresses or other data which allow them to be attributed to a user. This may be the case if, for example, the link to the website which directs the user to our website or the link to the website which the user switches to contains personal data.

The data are also stored in the log files of our system. We do not store these data together with other personal data concerning the user.

1. Legal basis
   The legal basis for the temporary storage of data and log files is Article 6 (1) l (f) GDPR.
2. Purpose
   It is necessary for our system to temporarily store the IP address so that it can deliver the website to the user’s computer. The user’s IP address must be stored for the duration of the session in order to do this.
   The data are stored in log files in order to ensure that the website functions properly. The data also help us to optimise our website and to ensure that our information technology systems are secure. In that context, we do not analyse the data for marketing purposes.
   These purposes represent our legitimate interest in the data processing in accordance with Article 6 (1) (f) GDPR.
3. Storage period
   The data are erased once they are no longer necessary for achieving the purpose for which they were collected. For data that are recorded to enable the provision of the website, this is when the session has ended.
   For data that are stored in log files, this is after seven days at the latest. They may be stored for longer than this. In this case, the users’ IP addresses are erased or anonymised so that it is no longer possible to attribute the data to the client making the request.
4. Right to objection and removal
   It is absolutely necessary both to record data in order to provide our website and to store the data in log files in order to operate our website. The user therefore does not have the right to object to this.
5. Cookies
6. Description and scope of the data processing
   Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. A cookie may be stored on a user’s operating system if the user requests a website. This cookie contains a character string which allows the browser to be easily identified when it next requests the same website.

When the website is requested, only the following session ID cookies (necessary for the technical provision of the website) are placed:

be_typo_user = Typo3 backend user session identification (login)
fe_typo_user = Typo3 user session identifier (login)
PHPSESSID = This session cookie places a random session ID for Typo3

1. Legal basis
   The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR.
2. Purpose
   Cookies that are necessary for technical provision are used in order to enable and make it easier for users to use websites. Some of the functions of our website will not function without the use of cookies. These functions require the browser to be recognised even after the user has switched sites.
3. Storage period and right to removal
   All three of the aforementioned cookies expire once the session has ended.
   As a user, you have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. They can also be automatically deleted. If cookies are disabled for our website, it may no longer be possible to use all the functions on our website properly.
4. Email contact
   a. Description and scope of the data processing
   It is possible to contact us via the email address provided. In this case, we store the user’s personal data transferred via the email. In that context, we do not disclose these data to third parties. The data are used solely to process the communication.
5. Legal basis
   The legal basis for the processing of data that are transferred when a user contacts us is Article 6 (1) (f) GDPR. If the purpose of the email correspondence is to enter into a contract, the additional legal basis for the processing of the data is Article 6 (1) (b) GDPR.
6. Purpose
   We process personal data in order to process correspondence. Email correspondence also represents the necessary legitimate interest in the processing of the data.
7. Storage period
   The data are erased once they are no longer necessary for achieving the purpose for which they were collected. For personal data submitted via the input mask on the contact form and personal data sent via email, this is the case when the respective communication with the user has come to an end. The communication comes to an end when circumstances indicate that the matter in question has been fully resolved, unless it is necessary to retain the data for reasons relating to civil, commercial or tax law in accordance with Article 6 (1) (c) GDPR.

The additional personal data collected during the submission process are erased after a period of seven days at the latest.

1. Right to objection and removal
   The user may at any time withdraw his or her consent for the processing of his or her personal data. If the user contacts us via email, her or she may object to the storage of his or her personal data at any time. In such a case, communication cannot be continued.
   All personal data that were stored in the process of the correspondence are erased in this case.
2. Newsletter / news feed
3. Description and scope of the data processing
   You have the option of signing up to our newsletter or news feed.
   For the news feed you can choose a bookmark and attach it to your toolbar, for example.
   The following data are collected in the process:

You can sign up to our newsletter using the input mask provided on our website.
The input mask collects the following data:
Gender
Surname
Email address
The following information is also collected during the sign-up process:
(1) IP address
(2) Date and time of the registration.
When you sign up to the newsletter, you must also input a randomly generated code. This is to prevent robots from completing the sign-up process.
Once you have completed the form, you will receive an email asking you to confirm that you wish to sign up to the newsletter. This confirmation is necessary to prevent anyone from signing up with another person’s email address. The sign-ups to our newsletter are logged to demonstrate that the sign-up process complies with legal requirements. This includes storing the time of the sign-up and of the confirmation as well as the IP address. Changes to your data stored by the newsletter service provider are also logged.

1. Legal basis
   The newsletters are sent out and their performance measured on the basis of the recipient’s consent in accordance with Article 6 (1) (a) and Article 7 GDPR in conjunction with Section 7 (2) no. 3 of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb).

The sign-up process is logged on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. Our interest is directed towards using a user-friendly and secure newsletter system that both serves our professional interests and meets the expectations of users and also allows us to demonstrate that consent has been given.

1. Purpose
   Our newsletter serves to maintain our company image and to distribute the latest information about our company to interested users.
2. Newsletter / direct marketing

The legal basis for the transmission of communications is Section 7 (3) of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb) provided that:
• we have received your email address in connection with the sale of goods or services; and
• we use this email address for the direct advertising of similar goods or services; and
• you have not objected to the use of your email address and you were clearly and unequivocally advised when providing your email address and are clearly and unequivocally advised in every newsletter that you can object to this use at any time without incurring any costs other than transmission costs at the basic rates.

1. Storage period
   If a user unsubscribes from our newsletter / news feed, his or her data are erased, unless it is necessary to retain the data for reasons relating to civil, commercial or tax law in accordance with Article 6 (1) (c) GDPR.
2. Unsubscribing/withdrawal of consent
   You can unsubscribe from our newsletter – i.e. withdraw your consent – at any time. There is an unsubscribe link at the bottom of every newsletter.
   On the basis of our legitimate interests, we can store email addresses removed from the mailing list for up to three years before erasing them so that we are able to demonstrate prior consent. The processing of these data is limited to possible defence against claims. It is possible to make an individual request at any time for these data to be erased, provided that you also confirm the existence of prior consent.
3. Facebook
   a. Description and scope of the data processing

We maintain an online presence on social networks such as Facebook in order to communicate with customers who are active on those sites, potential customers and users and to inform them of our services. When these networks and platforms are requested, the terms and conditions and the data processing directives of the operators concerned apply. Unless indicated otherwise in our privacy policy, we process users’ data insofar as they communicate with us on these social networks and platforms, e.g. by posting on our pages or by sending us messages.
You can view our Facebook page by clicking on the hyperlink on our website.

Clicking on this hyperlink informs Facebook that your browser has requested the relevant page on our website, even if you do not have a Facebook account or if do have an account but are not signed in. This information (including your IP address) is directly transferred from your browser to a Facebook server in the USA, where it is then stored. This means that, even if you do not have a Facebook account, there is still a possibility that Facebook will learn and store your IP address.
If you are signed in to Facebook, Facebook can attribute your visit to our Facebook page to your Facebook account. If you interact with the content on our Facebook page, for example by clicking on the like or share button, this information is also directly transferred to a Facebook server, where it is then stored. This information is published on Facebook and is visible to your Facebook friends.
Facebook can use this information for advertising purposes, market research and to design Facebook pages so that they meet the needs of users. To this end, Facebook creates profiles on your usage, interests and relationships, for instance in order to analyse your use of our website with regard to the adverts you are shown on Facebook, to inform other Facebook users of your activity on our website and to render other services associated with the use of Facebook.
If you do not want Facebook to attribute the data collected from our online presence to your Facebook account, you must sign out of Facebook before you visit our website.
The purpose and scope of the data that Facebook collects, processes and uses and your rights in this respect and the settings available to protect your privacy can be found in Facebook’s privacy notice (https://www.facebook.com/about/privacy/).

1. Legal basis

The legal basis is Article 6 (1) (f) GDPR. We maintain a presence on Facebook in order to communicate with customers who are active on Facebook, potential customers and users and to provide you with an alternative way of keeping up to date with our company and services. This also constitutes the purpose.

7. Google Analytics
8. Description and scope of the data processing
   This website uses Google Analytics, a web analysis service from Google LLC (‘Google’). Google Analytics uses cookies – text files that are stored on your computer and help to analyse how you use a particular website. For this purpose, pseudonymised user profiles are created and cookies used. The cookie generates the following information concerning your use of this website:
   (1) Browser type/version;
   (2) Operating system used;
   (3) Referrer URL (the site visited prior to this site);
   (4) Hostname of the computer accessing the site (IP address);
   (5) Time of the server request.
   The information generated by the cookie concerning your use of this site is generally transferred to a Google server in the USA, where it is then stored.
   More information on how Google Analytics uses personal data can be found in Google’s privacy policy and on Google Analytics Help.
   This website uses Google Analytics’s IP anonymisation feature, however. Within European Union Member States and in other states within the European Economic Area, this feature shortens your IP address before it is transferred. Only in exceptional circumstances is the full IP address transferred to a Google server in the USA before being shortened. On behalf of the operator of this website, Google will use this information in order to analyse your use of the website, to compile reports on the website’s activity and to provide other services associated with the use of the website and the internet for the website operator. The IP address transferred from your browser as part of Google Analytics is not merged with other data from Google.
9. Legal basis
   The legal basis is Article 6 (1) (f) GDPR.
10. Purpose
    The purpose is to be able to design our web pages so that they meet the needs of users and to be able to continually optimise them.
11. Storage period
    Users’ personal data are erased or anonymised after 14 months.
12. Objection to data recording
    You can prevent cookies from being placed by selecting the relevant setting for your browser software. However, please be advised that if you do so, you may not be able to use all of the functions on our website properly. You can also prevent Google from recording and processing the data generated by the cookie (including your IP address) that relate to how you use the website by downloading and installing a browser plug-in available from Google: https://tools.google.com/dlpage/gaoptout.
    As an alternative to the browser add-on, and in particular for browsers on mobile end devices, you can prevent Google Analytics from recording data by clicking on this link. This places an opt-out cookie, which prevents your data from being recorded when you visit this website in future. The opt-out cookie applies only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to place the opt-out cookie again.
13. Business-related processing

We process
– contract data, e.g. contractual object, term, customer category, name, address
– payment details, e.g. bank details, payment history

relating to our customers, potential customers and business partners in order to provide contractual services, support, customer care, marketing, advertising and to carry out market research.

1. Rights of the data subject
   You are a data subject within the meaning of the GDPR if your personal data are processed. You have the following rights in relation to the controller:
2. Right of access, Article 15 GDPR
   In accordance with Article 15 GDPR, you can obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us.
   Where that is the case, you can obtain from the controller access to the following information:
   (1) The purposes of the processing of personal data;
   (2) The categories of personal data concerned;
   (3) The recipients or categories of recipient to whom personal data relating to you have been or will be disclosed;
   (4) The envisaged period for which personal data relating to you will be stored, or, if it is not possible to provide concrete information on this, the criteria used to determine that storage period;
   (5) The existence of the right to request from the controller rectification or erasure of personal data relating to you or restriction of processing of personal data relating to you or to object to such processing;
   (6) The right to lodge a complaint with a supervisory authority;
   (7) Any available information as to the source of the personal data where they are not collected from the data subject;
   (8) The existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
   You have the right to be informed whether personal data relating to you are being transferred to a third country or to an international organisation. In that context, you have the right to be informed of the appropriate safeguards in accordance with Article 46 GDPR relating to the transfer.
   2. Right to rectification, Article 16 GDPR
   In accordance with Article 16 GDPR, you have the right to obtain from the controller rectification and/or completion, provided that your processed personal data are inaccurate or incomplete. The controller must perform the rectification without undue delay.
3. Right to erasure (‘right to be forgotten’), Article 17 GDPR
   a) Obligation to erase data
   You have the right to obtain from the controller the erasure of personal data relating to you without undue delay and the controller has the obligation to erase those data without undue delay where one of the following grounds applies:
   (1) The personal data relating to you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
   (2) You withdraw your consent on which the processing is based according to Article 6 (1) (a) or Article 9 (2) (a) GDPR, and where there is no other legal basis for the processing;
   (3) You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21 (2) GDPR;
   (4) The personal data relating to you have been unlawfully processed;
   (5) The personal data relating to you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
   (6) The personal data relating to you have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
   b) Information sent to third parties
   Where the controller has made personal data relating to you public and is obliged in accordance with Article 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
   c) Exceptions
   The right to erasure does not apply to the extent that processing is necessary:
   (1) for exercising the right of freedom of expression and information;
   (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
   (3) for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) GDPR;
   (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
   (5) for the establishment, exercise or defence of legal claims.
4. Right to restriction of processing, Article 18 GDPR
   Where one of the following applies, you have the right to obtain restriction of processing of personal data relating to you:
   (1) if you contest the accuracy of personal data relating to you for a period which enables the controller to verify the accuracy of the personal data;
   (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
   (3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
   (4) if you have objected to processing in accordance with Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your own.
   Where the processing of personal data relating to you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
   Where the processing of data has been restricted in accordance with the aforementioned prerequisites, you shall be informed by the controller before the restriction is lifted.
   5. Notification obligation, Article 19 GDPR
   If you have asserted your right to obtain from the controller rectification, erasure or restriction of processing, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom personal data relating to you have been disclosed, unless this proves impossible or involves disproportionate effort.
   You have the right to be informed by the controller about those recipients.
   6. Right to data portability, Article 20 GDPR
   You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
   (1) the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR; and
   (2) the processing is carried out by automated means.
   In exercising this right, you also have the right to have personal data relating to you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others shall not be adversely affected by this.
   The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
   7. Right to object, Article 21 GDPR
   You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
   The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
   Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
   If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
   In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
5. Right to withdraw consent for data processing, Article 7 (3) GDPR
   You have the right to withdraw your consent for data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
   9. Automated individual decision-making, including profiling, Article 22 GDPR
   You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
   (1) is necessary for entering into, or performance of, a contract between you and the controller;
   (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
   (3) is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

With regard to the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority, Article 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

1. Updates and changes to this privacy policy

This privacy policy is currently applicable and was last updated in May 2018. It may be necessary to change this privacy policy as we develop our website and its services or to reflect amended legal or official requirements. The up-to-date version of our privacy policy is always available on our website.

Thank you for your interest in our company. In principle, it is possible to use our website without providing any personal data. However, if a data subject wants to make use of certain company services via our website, it may be necessary to process his or her personal data.
The aim of this privacy policy is to inform the public about the nature, scope and purpose of the personal data that we collect, use and process. This privacy policy also explains the rights that data subjects have.

1. Definitions

1) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2) Data subject
A data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for processing.

3) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

5) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7) Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.

10) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1. Name and address of the controller
   The controller within the meaning of the General Data Protection Regulation and other national data protection laws in the Member States and other data protection regulations is:
   Eutect GmbH
   Managing director:
   Matthias Fehrenbach
   Filsenbergstrasse 10
   72144 Dusslingen
   Germany
   Tel.: +49 (0) 7072-92890-0
   Fax: +49 (0) 7072-92890-92
   Email: info@eutect.de
   Website: www.eutect.de

III. Name and address of the data protection officer
The controller’s data protection officer is:
Lothar Dieter
c/o Eutect GmbH
Filsenbergstrasse 10
72144 Dusslingen
Germany
Tel.: +49 (0) 7072-92890-21
Email: datenschutz@eutect.de

1. Scope of the processing of personal data
   In principle, we process the personal data of our users only when this is necessary for the provision of a functioning website and its content and services.
2. Legal bases for the processing of personal data
   Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis, provided that we obtain consent from the data subject to carry out processing operations on his or her personal data.
   For the processing of personal data that is necessary for the performance of a contract to which the data subject is party, the legal basis is Article 6 (1) (b) GDPR. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract.
   If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is Article 6 (1) (c) GDPR.
   In the event that the vital interests of the data subject or of another natural person make the processing of personal data necessary, Article 6 (1) (d) GDPR serves as the legal basis.
   If processing is necessary for the purposes of safeguarding the legitimate interests pursued by our company or a third party and if the interests and fundamental rights and freedoms of the data subject do not override the former interest, Article 6 (1) (f) GDPR serves as the legal basis.
3. Data erasure and storage period
   The personal data of the data subject are erased or made inaccessible as soon as the purpose of the storage no longer applies. Data can also be stored if this has been provided for by European or national legislators in Union regulations, laws or other requirements to which the controller is subject. The data are also made inaccessible or erased when the storage period, specified by the standards referred to, has elapsed, unless further storage of the data is necessary for entering into or performance of a contract.

VII. Transfer of data to third parties
As a basic principle, your personal data are not transferred to third parties for any purpose other than those listed below.
We disclose your personal data to third parties only if:
• you have given your explicit consent in accordance with Article 6 (1) sentence 1 (a) GDPR for us to do so;
• it is necessary in accordance with Article 6 (1) sentence 1 (f) GDPR to disclose the data for the establishment, exercise or defence of legal claims and if there are no reasons to consider that you have an overriding legitimate interest in the non-disclosure of your data;
• there is a legal obligation to disclose the data in accordance with Article 6 (1) sentence 1 (c) GDPR;
• this is permitted by law and is necessary in accordance with Article 6 (1) sentence 1 (b) GDPR for the performance of a contract to which you are party.

VIII. Description and scope of the data processing

1. Requesting the website
2. Description and scope of the data processing
   Every time our website is requested, our system automatically records data and information from the computer system on the requesting computer.
   The following data are collected during this process:
   (1) Information about the browser type and version used;
   (2) The user’s operating system;
   (3) The user’s internet service provider;
   (4) The user’s IP address;
   (5) Date and time the website is accessed;
   (6) Websites which directed the user’s system to our website;
   (7) Websites that the user’s system requests via our website.

The log files contain IP addresses or other data which allow them to be attributed to a user. This may be the case if, for example, the link to the website which directs the user to our website or the link to the website which the user switches to contains personal data.

The data are also stored in the log files of our system. We do not store these data together with other personal data concerning the user.

1. Legal basis
   The legal basis for the temporary storage of data and log files is Article 6 (1) l (f) GDPR.
2. Purpose
   It is necessary for our system to temporarily store the IP address so that it can deliver the website to the user’s computer. The user’s IP address must be stored for the duration of the session in order to do this.
   The data are stored in log files in order to ensure that the website functions properly. The data also help us to optimise our website and to ensure that our information technology systems are secure. In that context, we do not analyse the data for marketing purposes.
   These purposes represent our legitimate interest in the data processing in accordance with Article 6 (1) (f) GDPR.
3. Storage period
   The data are erased once they are no longer necessary for achieving the purpose for which they were collected. For data that are recorded to enable the provision of the website, this is when the session has ended.
   For data that are stored in log files, this is after seven days at the latest. They may be stored for longer than this. In this case, the users’ IP addresses are erased or anonymised so that it is no longer possible to attribute the data to the client making the request.
4. Right to objection and removal
   It is absolutely necessary both to record data in order to provide our website and to store the data in log files in order to operate our website. The user therefore does not have the right to object to this.
5. Cookies
6. Description and scope of the data processing
   Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. A cookie may be stored on a user’s operating system if the user requests a website. This cookie contains a character string which allows the browser to be easily identified when it next requests the same website.

When the website is requested, only the following session ID cookies (necessary for the technical provision of the website) are placed:

be_typo_user = Typo3 backend user session identification (login)
fe_typo_user = Typo3 user session identifier (login)
PHPSESSID = This session cookie places a random session ID for Typo3

1. Legal basis
   The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR.
2. Purpose
   Cookies that are necessary for technical provision are used in order to enable and make it easier for users to use websites. Some of the functions of our website will not function without the use of cookies. These functions require the browser to be recognised even after the user has switched sites.
3. Storage period and right to removal
   All three of the aforementioned cookies expire once the session has ended.
   As a user, you have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. They can also be automatically deleted. If cookies are disabled for our website, it may no longer be possible to use all the functions on our website properly.
4. Email contact
   a. Description and scope of the data processing
   It is possible to contact us via the email address provided. In this case, we store the user’s personal data transferred via the email. In that context, we do not disclose these data to third parties. The data are used solely to process the communication.
5. Legal basis
   The legal basis for the processing of data that are transferred when a user contacts us is Article 6 (1) (f) GDPR. If the purpose of the email correspondence is to enter into a contract, the additional legal basis for the processing of the data is Article 6 (1) (b) GDPR.
6. Purpose
   We process personal data in order to process correspondence. Email correspondence also represents the necessary legitimate interest in the processing of the data.
7. Storage period
   The data are erased once they are no longer necessary for achieving the purpose for which they were collected. For personal data submitted via the input mask on the contact form and personal data sent via email, this is the case when the respective communication with the user has come to an end. The communication comes to an end when circumstances indicate that the matter in question has been fully resolved, unless it is necessary to retain the data for reasons relating to civil, commercial or tax law in accordance with Article 6 (1) (c) GDPR.

The additional personal data collected during the submission process are erased after a period of seven days at the latest.

1. Right to objection and removal
   The user may at any time withdraw his or her consent for the processing of his or her personal data. If the user contacts us via email, her or she may object to the storage of his or her personal data at any time. In such a case, communication cannot be continued.
   All personal data that were stored in the process of the correspondence are erased in this case.
2. Newsletter / news feed
3. Description and scope of the data processing
   You have the option of signing up to our newsletter or news feed.
   For the news feed you can choose a bookmark and attach it to your toolbar, for example.
   The following data are collected in the process:

You can sign up to our newsletter using the input mask provided on our website.
The input mask collects the following data:
Gender
Surname
Email address
The following information is also collected during the sign-up process:
(1) IP address
(2) Date and time of the registration.
When you sign up to the newsletter, you must also input a randomly generated code. This is to prevent robots from completing the sign-up process.
Once you have completed the form, you will receive an email asking you to confirm that you wish to sign up to the newsletter. This confirmation is necessary to prevent anyone from signing up with another person’s email address. The sign-ups to our newsletter are logged to demonstrate that the sign-up process complies with legal requirements. This includes storing the time of the sign-up and of the confirmation as well as the IP address. Changes to your data stored by the newsletter service provider are also logged.

1. Legal basis
   The newsletters are sent out and their performance measured on the basis of the recipient’s consent in accordance with Article 6 (1) (a) and Article 7 GDPR in conjunction with Section 7 (2) no. 3 of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb).

The sign-up process is logged on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. Our interest is directed towards using a user-friendly and secure newsletter system that both serves our professional interests and meets the expectations of users and also allows us to demonstrate that consent has been given.

1. Purpose
   Our newsletter serves to maintain our company image and to distribute the latest information about our company to interested users.
2. Newsletter / direct marketing

The legal basis for the transmission of communications is Section 7 (3) of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb) provided that:
• we have received your email address in connection with the sale of goods or services; and
• we use this email address for the direct advertising of similar goods or services; and
• you have not objected to the use of your email address and you were clearly and unequivocally advised when providing your email address and are clearly and unequivocally advised in every newsletter that you can object to this use at any time without incurring any costs other than transmission costs at the basic rates.

1. Storage period
   If a user unsubscribes from our newsletter / news feed, his or her data are erased, unless it is necessary to retain the data for reasons relating to civil, commercial or tax law in accordance with Article 6 (1) (c) GDPR.
2. Unsubscribing/withdrawal of consent
   You can unsubscribe from our newsletter – i.e. withdraw your consent – at any time. There is an unsubscribe link at the bottom of every newsletter.
   On the basis of our legitimate interests, we can store email addresses removed from the mailing list for up to three years before erasing them so that we are able to demonstrate prior consent. The processing of these data is limited to possible defence against claims. It is possible to make an individual request at any time for these data to be erased, provided that you also confirm the existence of prior consent.
3. Facebook
   a. Description and scope of the data processing

We maintain an online presence on social networks such as Facebook in order to communicate with customers who are active on those sites, potential customers and users and to inform them of our services. When these networks and platforms are requested, the terms and conditions and the data processing directives of the operators concerned apply. Unless indicated otherwise in our privacy policy, we process users’ data insofar as they communicate with us on these social networks and platforms, e.g. by posting on our pages or by sending us messages.
You can view our Facebook page by clicking on the hyperlink on our website.

Clicking on this hyperlink informs Facebook that your browser has requested the relevant page on our website, even if you do not have a Facebook account or if do have an account but are not signed in. This information (including your IP address) is directly transferred from your browser to a Facebook server in the USA, where it is then stored. This means that, even if you do not have a Facebook account, there is still a possibility that Facebook will learn and store your IP address.
If you are signed in to Facebook, Facebook can attribute your visit to our Facebook page to your Facebook account. If you interact with the content on our Facebook page, for example by clicking on the like or share button, this information is also directly transferred to a Facebook server, where it is then stored. This information is published on Facebook and is visible to your Facebook friends.
Facebook can use this information for advertising purposes, market research and to design Facebook pages so that they meet the needs of users. To this end, Facebook creates profiles on your usage, interests and relationships, for instance in order to analyse your use of our website with regard to the adverts you are shown on Facebook, to inform other Facebook users of your activity on our website and to render other services associated with the use of Facebook.
If you do not want Facebook to attribute the data collected from our online presence to your Facebook account, you must sign out of Facebook before you visit our website.
The purpose and scope of the data that Facebook collects, processes and uses and your rights in this respect and the settings available to protect your privacy can be found in Facebook’s privacy notice (https://www.facebook.com/about/privacy/).

1. Legal basis

The legal basis is Article 6 (1) (f) GDPR. We maintain a presence on Facebook in order to communicate with customers who are active on Facebook, potential customers and users and to provide you with an alternative way of keeping up to date with our company and services. This also constitutes the purpose.

7. Google Analytics
8. Description and scope of the data processing
   This website uses Google Analytics, a web analysis service from Google LLC (‘Google’). Google Analytics uses cookies – text files that are stored on your computer and help to analyse how you use a particular website. For this purpose, pseudonymised user profiles are created and cookies used. The cookie generates the following information concerning your use of this website:
   (1) Browser type/version;
   (2) Operating system used;
   (3) Referrer URL (the site visited prior to this site);
   (4) Hostname of the computer accessing the site (IP address);
   (5) Time of the server request.
   The information generated by the cookie concerning your use of this site is generally transferred to a Google server in the USA, where it is then stored.
   More information on how Google Analytics uses personal data can be found in Google’s privacy policy and on Google Analytics Help.
   This website uses Google Analytics’s IP anonymisation feature, however. Within European Union Member States and in other states within the European Economic Area, this feature shortens your IP address before it is transferred. Only in exceptional circumstances is the full IP address transferred to a Google server in the USA before being shortened. On behalf of the operator of this website, Google will use this information in order to analyse your use of the website, to compile reports on the website’s activity and to provide other services associated with the use of the website and the internet for the website operator. The IP address transferred from your browser as part of Google Analytics is not merged with other data from Google.
9. Legal basis
   The legal basis is Article 6 (1) (f) GDPR.
10. Purpose
    The purpose is to be able to design our web pages so that they meet the needs of users and to be able to continually optimise them.
11. Storage period
    Users’ personal data are erased or anonymised after 14 months.
12. Objection to data recording
    You can prevent cookies from being placed by selecting the relevant setting for your browser software. However, please be advised that if you do so, you may not be able to use all of the functions on our website properly. You can also prevent Google from recording and processing the data generated by the cookie (including your IP address) that relate to how you use the website by downloading and installing a browser plug-in available from Google: https://tools.google.com/dlpage/gaoptout.
    As an alternative to the browser add-on, and in particular for browsers on mobile end devices, you can prevent Google Analytics from recording data by clicking on this link. This places an opt-out cookie, which prevents your data from being recorded when you visit this website in future. The opt-out cookie applies only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to place the opt-out cookie again.
13. Business-related processing

We process
– contract data, e.g. contractual object, term, customer category, name, address
– payment details, e.g. bank details, payment history

relating to our customers, potential customers and business partners in order to provide contractual services, support, customer care, marketing, advertising and to carry out market research.

1. Rights of the data subject
   You are a data subject within the meaning of the GDPR if your personal data are processed. You have the following rights in relation to the controller:
2. Right of access, Article 15 GDPR
   In accordance with Article 15 GDPR, you can obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us.
   Where that is the case, you can obtain from the controller access to the following information:
   (1) The purposes of the processing of personal data;
   (2) The categories of personal data concerned;
   (3) The recipients or categories of recipient to whom personal data relating to you have been or will be disclosed;
   (4) The envisaged period for which personal data relating to you will be stored, or, if it is not possible to provide concrete information on this, the criteria used to determine that storage period;
   (5) The existence of the right to request from the controller rectification or erasure of personal data relating to you or restriction of processing of personal data relating to you or to object to such processing;
   (6) The right to lodge a complaint with a supervisory authority;
   (7) Any available information as to the source of the personal data where they are not collected from the data subject;
   (8) The existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
   You have the right to be informed whether personal data relating to you are being transferred to a third country or to an international organisation. In that context, you have the right to be informed of the appropriate safeguards in accordance with Article 46 GDPR relating to the transfer.
   2. Right to rectification, Article 16 GDPR
   In accordance with Article 16 GDPR, you have the right to obtain from the controller rectification and/or completion, provided that your processed personal data are inaccurate or incomplete. The controller must perform the rectification without undue delay.
3. Right to erasure (‘right to be forgotten’), Article 17 GDPR
   a) Obligation to erase data
   You have the right to obtain from the controller the erasure of personal data relating to you without undue delay and the controller has the obligation to erase those data without undue delay where one of the following grounds applies:
   (1) The personal data relating to you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
   (2) You withdraw your consent on which the processing is based according to Article 6 (1) (a) or Article 9 (2) (a) GDPR, and where there is no other legal basis for the processing;
   (3) You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21 (2) GDPR;
   (4) The personal data relating to you have been unlawfully processed;
   (5) The personal data relating to you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
   (6) The personal data relating to you have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
   b) Information sent to third parties
   Where the controller has made personal data relating to you public and is obliged in accordance with Article 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
   c) Exceptions
   The right to erasure does not apply to the extent that processing is necessary:
   (1) for exercising the right of freedom of expression and information;
   (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
   (3) for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) GDPR;
   (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
   (5) for the establishment, exercise or defence of legal claims.
4. Right to restriction of processing, Article 18 GDPR
   Where one of the following applies, you have the right to obtain restriction of processing of personal data relating to you:
   (1) if you contest the accuracy of personal data relating to you for a period which enables the controller to verify the accuracy of the personal data;
   (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
   (3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
   (4) if you have objected to processing in accordance with Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your own.
   Where the processing of personal data relating to you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
   Where the processing of data has been restricted in accordance with the aforementioned prerequisites, you shall be informed by the controller before the restriction is lifted.
   5. Notification obligation, Article 19 GDPR
   If you have asserted your right to obtain from the controller rectification, erasure or restriction of processing, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom personal data relating to you have been disclosed, unless this proves impossible or involves disproportionate effort.
   You have the right to be informed by the controller about those recipients.
   6. Right to data portability, Article 20 GDPR
   You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
   (1) the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR; and
   (2) the processing is carried out by automated means.
   In exercising this right, you also have the right to have personal data relating to you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others shall not be adversely affected by this.
   The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
   7. Right to object, Article 21 GDPR
   You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
   The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
   Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
   If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
   In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
5. Right to withdraw consent for data processing, Article 7 (3) GDPR
   You have the right to withdraw your consent for data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
   9. Automated individual decision-making, including profiling, Article 22 GDPR
   You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
   (1) is necessary for entering into, or performance of, a contract between you and the controller;
   (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
   (3) is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

With regard to the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority, Article 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

1. Updates and changes to this privacy policy

This privacy policy is currently applicable and was last updated in May 2018. It may be necessary to change this privacy policy as we develop our website and its services or to reflect amended legal or official requirements. The up-to-date version of our privacy policy is always available on our website.